memory-contract
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): This skill is susceptible to indirect prompt injection because it ingest and summarizes external user data through the
flowbabyRetrieveMemoryandflowbabyStoreSummarytools. - Ingestion points:
SKILL.mddescribes toolsflowbabyRetrieveMemoryandflowbabyStoreSummarywhich pull data from prior sessions and user interactions. - Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore instructions found within retrieved memory.
- Capability inventory: The skill is designed to guide reasoning and influence future tool calls based on retrieved data.
- Sanitization: Absent. There is no evidence of input validation or sanitization for the data retrieved from memory.
Audit Metadata