memory-context-management
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE (findings: PROMPT_INJECTION, NO_CODE)
Full Analysis
- [PROMPT_INJECTION]: The memory management architecture introduces a surface for indirect prompt injection when the agent processes data from persistent storage.
- [PROMPT_INJECTION]: Ingestion points: The agent reads files from /workspace and retrieves session observations via the mem_search tool.
- [PROMPT_INJECTION]: Boundary markers: The skill uses <session_context> XML tags and manually assigned session IDs in notes to delineate agent context.
- [PROMPT_INJECTION]: Capability inventory: The agent possesses capabilities for filesystem writes, bash command execution, and memory updates via mem_save.
- [PROMPT_INJECTION]: Sanitization: No explicit validation, escaping, or instruction-filtering logic is defined for the content ingested from files or memory.
- [NO_CODE]: The skill consists solely of documentation and instructions in a Markdown file with no accompanying scripts or binaries.
- [SAFE]: The kortix-sys-oc-plugin and its associated tools (mem_search, mem_save) are legitimate resources owned by the vendor (kortix-ai).
Audit Metadata