memory-manage
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted project content to update the agent's persistent memory layer.
  - Ingestion points: The skill reads from project configuration files, READMEs, source files, tests, and CI/CD configurations during the init and update modes.
  - Boundary markers: No explicit delimiters or instructions are used to separate untrusted content from the agent's core instructions.
  - Capability inventory: Performs broad file system read operations and writes structured documentation to the ai-context/ directory.
  - Sanitization: No validation, escaping, or filtering is applied to the data retrieved from project files before it is used to generate or update the documentation.