memory
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It retrieves and acts upon instructions or context stored in a project memory file, which could be exploited if an attacker manages to modify the file content.
  - Ingestion points: The file `.memories/project_memory.json` is used as a source for context and past decisions.
  - Boundary markers: Absent. The skill does not use delimiters or explicit instructions to isolate retrieved memory content from its core operational rules.
  - Capability inventory: The skill employs Read and Write tools for file management.
  - Sanitization: Absent. No validation or filtering is applied to the memory text before it is incorporated into the agent's context.
Audit Metadata