conversation-memory
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of markdown documentation without any associated script files (.py, .js, .sh), binaries, or automation configurations. As such, there is no executable surface for traditional technical attacks.
- [Indirect Prompt Injection] (LOW): The skill describes a design for persisting and retrieving user-provided conversational data into subsequent LLM prompts, which is a structural surface for indirect prompt injection.
- Ingestion points: User conversation history and entity facts (SKILL.md).
- Boundary markers: Absent; the patterns do not explicitly recommend delimiters or isolation tags for memory retrieval.
- Capability inventory: No active capabilities such as subprocess execution, file writing, or network operations are implemented in the provided file.
- Sanitization: No sanitization or validation logic is discussed in the provided design principles.
Audit Metadata