memory-write
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute the
memory-hubCLI tool. It interpolates parameters like 'bucket', 'file', 'topic', and 'summary' into a shell command. While this is the intended functionality, it requires the calling agent to properly sanitize these inputs to prevent shell injection. - [PROMPT_INJECTION]: The skill acts as an ingestion point for untrusted data. It takes markdown content via stdin and a summary via parameters, then writes them to the agent's knowledge base ('buckets'). This represents an indirect prompt injection surface; if an attacker provides malicious instructions within the saved content, the agent might follow those instructions in a future session when it reads the files.
- [COMMAND_EXECUTION]: The execution flow utilizes a heredoc (
<<'EOF') to pass content to thememory-hubtool, which is a secure way to handle multi-line strings in Bash and prevents immediate shell expansion of the content.
Audit Metadata