memory-management
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to configure a system cron job to execute a local Python script (`memory-janitor.py`) at a specific interval. This establishes a persistence mechanism for automated memory maintenance, which is consistent with the vendor's intended functionality for the agent workspace.
- [PROMPT_INJECTION]: The memory management architecture reads from and writes to local files containing aggregated data, creating an attack surface for indirect prompt injection.
  - Ingestion points: Memory content is ingested from `MEMORY.md`, daily logs, and structured `memory/lessons/*.jsonl` files.
  - Boundary markers: No specific delimiters or boundary markers are defined to isolate untrusted memory content from agent instructions.
  - Capability inventory: The agent possesses the capability to modify local files and execute maintenance scripts on the host system.
  - Sanitization: The instructions do not specify any validation or sanitization protocols for memory data before it is archived or processed by the agent.