skills/iyangl/memory-hub/memory-read/Gen Agent Trust Hub

memory-read

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines a Bash command template 'memory-hub read [--anchor ]' which directly interpolates user-provided variables into a shell command. Without strict validation or escaping of the 'bucket', 'file', and 'anchor' parameters, an attacker could potentially execute arbitrary commands or access files outside the intended directory via path traversal.
  • [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection (Category 8) when processing data from the local file system.
      1. Ingestion points: Content is retrieved from files within the '.memory/' directory using the 'memory-hub read' command specified in 'SKILL.md'.
      2. Boundary markers: The skill does not implement delimiters or provide instructions for the agent to ignore any embedded directives within the retrieved file content.
      3. Capability inventory: The skill is configured to use the 'Bash' tool to execute local commands.
      4. Sanitization: There is no evidence of sanitization or filtering of the file content before it is returned to the agent context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 04:00 AM