claude-mem-coded-assistant
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of Markdown documentation and instructions. No executable scripts, binaries, or configuration files that trigger code execution are included in the skill package.
- [PROMPT_INJECTION]: The workflow described in the skill creates a surface for indirect prompt injection by ingesting data from an external memory source and converting it into instructions in the project's primary control file.
  - Ingestion points: Data enters the agent's context through observations retrieved via the claude-mem MCP tools (search, timeline, get_observations) as detailed in claude-mem-usage.md.
  - Boundary markers: The skill instructions do not specify the use of boundary markers or protective wrappers when incorporating memory observations into CLAUDE.md or MEMORY.md.
  - Capability inventory: The skill facilitates modification of key local project files (CLAUDE.md and MEMORY.md). It does not define capabilities for subprocess execution, external network requests, or broad filesystem access.
  - Sanitization: No programmatic sanitization or validation of external content is included; the skill relies on the agent's distillation process to exclude malicious or sensitive data.
Audit Metadata