memory-management
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The Python code pattern in SKILL.md constructs a prompt using f-string interpolation of 'user_input' and 'context' without delimiters. This allows an attacker to inject instructions that could override the agent's behavior.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through its state management logic.
- Ingestion points: Untrusted data is ingested into the prompt via the 'user_input' and 'context' variables in the 'memory_augmented_agent' function in SKILL.md.
- Boundary markers: The implementation lacks delimiters or instructions to the LLM to isolate potentially malicious commands within the data.
- Capability inventory: The script includes capabilities for LLM generation and database persistence via placeholders.
- Sanitization: No input validation or sanitization logic is present to filter or escape the interpolated data.
Audit Metadata