memory-capture
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill captures raw user input and appends it to files intended for future retrieval by the agent, creating a surface for cross-session instruction injection. * Ingestion points: User input gathered in the 'Understand What to Remember' step. * Boundary markers: None identified; user input is interpolated directly into markdown templates. * Capability inventory: File system write and append operations. * Sanitization: No evidence of input sanitization to prevent the storage of malicious instructions.
- [Data Exposure] (LOW): The skill accesses and writes to sensitive locations in the user's home directory (~/.factory/memories.md). This is documented as the primary functionality for cross-project memory persistence.
Audit Metadata