memory-init
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes 'memory-hub' CLI commands via Bash to initialize the project structure, write knowledge base files, and update the project catalog. These operations are intended and necessary for the skill's functionality.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it reads and processes untrusted project files to generate documentation. 1. Ingestion points: Reads package manifests, entry files, and configuration examples from the project root (SKILL.md). 2. Boundary markers: Uses shell heredocs (EOF) to pass data to the tool. 3. Capability inventory: Uses Bash, Read, and Glob tools. 4. Sanitization: File contents are processed by the LLM without specific sanitization steps.
- [SAFE]: No evidence of data exfiltration, credential theft, or malicious remote code execution was found. The skill operates locally on the project files as described.
Audit Metadata