memory-protocol
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection (Category 8) by processing data from an external knowledge graph.
  - Ingestion points: External data is ingested through mcp__memento__semantic_search and mcp__memento__open_nodes tool calls (SKILL.md, references/memento-protocol.md).
  - Boundary markers: Absent. The protocol does not specify the use of delimiters or 'ignore embedded instruction' warnings for the retrieved content.
  - Capability inventory: The environment allows for file-system writes to WORKING_STATE.md and potential shell command execution via other agent skills referenced in the documentation (SKILL.md).
  - Sanitization: Absent. There are no instructions for sanitizing or validating retrieved data before it is used within the agent's context.
- [EXTERNAL_DOWNLOADS]: The skill identifies external dependencies including the Memento MCP server (https://github.com/gannonh/memento-mcp) and recommends installing related skills from the author's own repository (jwilger/agent-skills) using the npx command (SKILL.md).
- [COMMAND_EXECUTION]: The memory protocol relies on the execution of external tools (mcp__memento__*) provided by an MCP server to manage knowledge graph operations (references/memento-protocol.md).
Audit Metadata