memory
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes standard system utilities (grep) for searching local history files. This is a low-risk operation consistent with the skill's purpose.
- [PROMPT_INJECTION] (LOW): The skill creates an indirect prompt injection surface by storing conversation history and facts in persistent files.
- Ingestion points: Data is read from
memory/HISTORY.mdvia the grep command andmemory/MEMORY.mdis loaded directly into the agent's context. - Boundary markers: None identified; the agent is not instructed to treat retrieved memory as potentially untrusted or to use delimiters to isolate stored content.
- Capability inventory: The agent has file-writing (
edit_file,write_file) and command-execution (exec) capabilities, which could be abused if malicious instructions are recalled from memory. - Sanitization: No sanitization or validation of data before it is written to the memory files is specified, allowing external content to be persisted exactly as received.
Audit Metadata