mcp-memory-recall
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill implements a pattern for ingesting untrusted data from an external memory source.
- Ingestion points: The skill explicitly queries an external MCP/Neo4j memory server for project nodes, decisions, and constraints in SKILL.md.
- Boundary markers: Absent. There are no instructions to the agent to treat retrieved memory strictly as data or to ignore instructions embedded within that memory.
- Capability inventory: The skill uses MCP(*) which allows it to invoke any tool available on the configured MCP server, increasing the potential impact of an injection.
- Sanitization: Absent. The skill does not define any logic to sanitize or validate the content retrieved from the database before it is processed.
Audit Metadata