Skills
skills/hkuds/nanobot/memory/Gen Agent Trust Hub

memory

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides explicit instructions and command templates (grep, findstr, python -c) for the agent to execute via the exec tool to search local history files.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes content from memory/HISTORY.md and memory/MEMORY.md, which store data from previous user interactions that could contain malicious instructions.
  • Ingestion points: memory/HISTORY.md and memory/MEMORY.md are read via read_file or exec in SKILL.md.
  • Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore instructions embedded within the retrieved memory content.
  • Capability inventory: The agent is granted capabilities to execute shell commands via exec and perform file system modifications via write_file and edit_file across all files in the skill's scope.
  • Sanitization: There is no mention of sanitizing, escaping, or validating the content read back from the memory files before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 01:48 AM