deep-agents-memory
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Filesystem Access Tools: The skill enables direct filesystem interaction, allowing the agent to list, read, and edit files. While these tools are essential for the skill's purpose, they represent a significant capability that could be misused if not properly restricted. The documentation mitigates this by highlighting security features such as 'virtual_mode' for directory sandboxing and human-in-the-loop approvals for file modifications.
- Indirect Prompt Injection Surface: The agent ingests data from external files, which could carry adversarial instructions designed to influence the agent's logic.
  - Ingestion points: Data enters the agent context through 'read_file', 'grep', and 'glob' operations in SKILL.md.
  - Boundary markers: The examples do not explicitly show delimiters that isolate file content from the agent's primary instructions.
  - Capability inventory: The skill provides a suite of filesystem tools (ls, read, write, edit, glob, grep) that could be targets for an injection attack.
  - Sanitization: The skill emphasizes path-level sanitization via 'virtual_mode' but does not detail content-level validation of the data it reads.
- Data Persistence Configuration: The skill demonstrates how to configure persistent storage using database connection strings. While this is a standard requirement for the functionality, it is recommended to manage sensitive credentials via environment variables to prevent accidental exposure.
Audit Metadata