memory

Warn

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the automatic memory capture feature.
      1. Ingestion points: Conversation signals and corrections (SKILL.md instruction 4, references/examples.md Example 3).
      2. Boundary markers: Absent.
      3. Capability inventory: Read and Write tools (SKILL.md), manage-memory.py script.
      4. Sanitization: Absent in memory management logic.
  • [PROMPT_INJECTION]: Instruction 3 in SKILL.md mandates that memories be applied 'silently' and 'automatically' without announcing them to the user. This lack of transparency allows poisoned or malicious memories to influence agent behavior in future sessions without oversight.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the yldrmahmet/claude-never-forgets plugin (SKILL.md, Prerequisites), which introduces unverified third-party code into the agent environment.
  • [COMMAND_EXECUTION]: Instruction 6 in SKILL.md references a missing script hooks/stop_cleanup.py for memory cleanup configuration, indicating a dependency on external code that may be dynamically executed at runtime.
  • [DATA_EXFILTRATION]: The skill requires Write permissions to the .claude/memories/ directory. While used for legitimate persistence, this capability could be abused by a malicious memory to modify local files or stage data for exfiltration.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 4, 2026, 12:40 PM