slack-memory-cleanup
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process markdown files that likely contain data from external sources like Slack messages. These files are evaluated by an LLM to make decisions about merging, moving, or deleting data.
- Ingestion points: Markdown files located within the
memories_path(specifically inusers/,channels/, andtasks/subdirectories). - Boundary markers: None. The instructions rely on the LLM parsing the file content and YAML frontmatter without explicit delimiters to separate data from instructions.
- Capability inventory: The skill documentation (SKILL.md) and Python scripts (
cleanup_memory.py, although not provided, its behavior is documented) indicate the capability to move, rename, and delete files on the local filesystem. - Sanitization: No evidence of sanitization or filtering of the file contents before they are processed by the LLM logic, creating a surface where an attacker could influence the cleanup process (e.g., inducing the agent to delete important project records).
Audit Metadata