save-knowledge
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local script 'memory-manager.py' with parameters such as 'content_type', 'tags', and 'source context'. This execution is part of the core functionality for preparing and logging stored knowledge.
- [PROMPT_INJECTION]: The skill indexes untrusted data from URLs and conversation history for retrieval-augmented generation (RAG). Malicious content stored in the memory layer could manipulate agent behavior during future retrieval.
  1. Ingestion points: The 'Content to store' field in SKILL.md accepts content from URLs and conversation references.
  2. Boundary markers: No protective delimiters are specified to isolate external content from instructions.
  3. Capability inventory: The skill executes local scripts, interacts with external databases (Pinecone, Qdrant), and manages local configuration files.
  4. Sanitization: Content normalization is performed, but there is no mention of sanitizing input to specifically prevent prompt injection attacks.
Audit Metadata