engram-memory

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill mandates the proactive collection and storage of sensitive project metadata, including architectural decisions, bug fix root causes, configuration changes, and content from external tools like Jira and GitHub. This creates a persistent data exposure surface if the 'Engram' memory system is external or shared.
  • [PROMPT_INJECTION]: The instructions use assertive directives ('MANDATORY', 'ALWAYS ACTIVE', 'MUST') to ensure protocol adherence, which can be used to override default agent safety or operational guardrails. Furthermore, it creates a vector for Indirect Prompt Injection:
      • Ingestion points: Untrusted data enters the context from codebase discoveries, external artifacts (Notion/Jira/GitHub), and user-provided constraints.
      • Boundary markers: The protocol lacks explicit markers or 'ignore instructions' warnings for data stored in or retrieved from memory.
      • Capability inventory: Uses mem_save, mem_context, mem_search, mem_get_observation, and mem_session_summary to manage persistent state.
      • Sanitization: No sanitization or validation of the content being saved to or retrieved from the persistent memory is specified.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 8, 2026, 01:58 AM