memory-bank
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `git log` and `git status` to gather project information and history for context generation. It also performs extensive file system searches using glob patterns to identify agent configuration files across the project tree.
- [PROMPT_INJECTION]: The skill modifies the core instruction files of other AI agents (such as `.cursorrules`, `CLAUDE.md`, and `.clinerules`) to inject a mandatory protocol block. This protocol forces these agents to treat the contents of the `memory-bank/` directory as authoritative instructions at the start of every session.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting potentially untrusted data from project files (e.g., `README.md`, `package.json`) and the git history. This ingested data is used to populate context files that other agents are then instructed to read and follow without explicit sanitization or boundary markers to isolate the external content.
Audit Metadata