Skills
skills/jzocb/ai-agent-memory/memory-management/Gen Agent Trust Hub

memory-management

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The memory-compounding.py script implements a 'reflection' mechanism that is vulnerable to indirect prompt injection.
  • Ingestion points: The script reads daily logs from memory/YYYY-MM-DD.md, which can contain any text recorded by the agent, including untrusted content from web pages or user input.
  • Boundary markers: None. The log content is directly interpolated into the {log_content} placeholder in the REFLECTION_PROMPT string.
  • Capability inventory: The skill is granted high-privilege tools including exec, Read, Write, and Edit in SKILL.md.
  • Sanitization: No sanitization, escaping, or filtering is performed on the log content before it is sent to the LLM.
  • [COMMAND_EXECUTION]: The SKILL.md metadata explicitly allows the use of the exec tool. While this is intended for running the provided management scripts, it grants the agent the capability to execute arbitrary shell commands on the host system, which increases the impact of any successful prompt injection attack.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 08:08 AM