entity-memory-management

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
Tags: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface through its entity extraction logic.
  • Ingestion points: The EXTRACTION_PROMPT in SKILL.md accepts raw conversation data via the {conversation} variable.
  • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the input conversation stream.
  • Capability inventory: Extracted entities are stored in Cloudflare KV via the upsert method and later retrieved to be injected back into the agent's context using the assemble_entity_context function.
  • Sanitization: The implementation lacks evidence of input validation or content filtering to prevent malicious instructions within conversations from being treated as valid entities or influencing the state of the memory system.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 07:03 PM