dream-memory
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process session transcripts and logs, which are external data sources that may contain untrusted content.\n
- Ingestion points: The agent is instructed to review logs and transcripts identified by the
scripts/dream_memory.pyscript as specified inreferences/prompt-template.md.\n - Boundary markers: The prompt template uses placeholders like
<memory_report>to structure input, but lacks explicit guardrails or delimiters to prevent the agent from executing instructions potentially hidden within the processed logs.\n - Capability inventory: The skill allows the agent to read and write files within the memory and project directories to update topic files and
MEMORY.md.\n - Sanitization: No content filtering or sanitization of the logs is performed before the agent processes them.\n- [COMMAND_EXECUTION]: The skill executes a local Python script
scripts/dream_memory.pyto generate reports on the state of the memory directory.\n - Evidence:
SKILL.mdcontains the commandpython3 {baseDir}/scripts/dream_memory.py --memory-root /path/to/memory --transcripts-dir /path/to/transcripts.\n - Analysis: The script is part of the skill package and its behavior is limited to file system metadata analysis (size, modification time) and indexing within specified paths.
Audit Metadata