memory-curator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes session logs and historical daily logs which contain data from past interactions, creating a surface for indirect prompt injection.
- Ingestion points:
scripts/extract_session.pyreads session history from.jsonlfiles, andscripts/search_memory.pyreads existing markdown log files. - Boundary markers: Absent. The summaries and search results generated by the scripts do not include explicit delimiters or instructions for the agent to ignore potential commands embedded within the historical data.
- Capability inventory: The skill includes scripts for reading files (
scripts/search_memory.py), writing/appending to files (scripts/daily_log.py), and summarizing session data (scripts/extract_session.py). - Sanitization: Absent. The scripts read and display or write content directly without filtering or escaping techniques to prevent the LLM from executing instructions found in the text.
Audit Metadata