cognitive-memory
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local bash scripts (scripts/init_memory.sh, upgrade_to_1.0.7.sh) to initialize directory structures, perform backups, and manage version upgrades. These scripts utilize standard system tools like git and python3 for local file and configuration management.
- [PROMPT_INJECTION]: The skill's memory persistence model creates a surface for Indirect Prompt Injection.
- Ingestion points: Data provided by the user via "Remember" triggers is stored in persistent markdown files (e.g., MEMORY.md, memory/episodes/Y-M-D.md).
- Boundary markers: Content is organized using markdown headers, but the system lacks robust delimiters or explicit instructions for the agent to ignore potentially malicious commands embedded within stored memories.
- Capability inventory: The agent has the capability to write to its own identity and soul files, manage a local git repository for auditing, and perform various filesystem operations.
- Sanitization: There is no evidence of sanitization or escaping of user-provided content before it is stored or re-read into the active context window.
Audit Metadata