memory-extractor
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: No security issues or malicious patterns were detected. The skill performs intended context management functions using standard scripts and prompts.
- [COMMAND_EXECUTION]: The skill includes scripts/memory_manifest.py, a utility designed to read YAML frontmatter from Markdown files in a user-provided directory. The script uses safe standard libraries and does not perform network operations or unauthorized system modifications.
- [PROMPT_INJECTION]: The skill provides a mechanism for processing conversation history into memories, which presents a surface for indirect prompt injection.
  - Ingestion points: Conversation turns (via the <recent_messages> placeholder) and memory file contents.
  - Boundary markers: The prompt template uses <> delimiters to separate input data from instructions, though it lacks explicit 'ignore instructions' warnings.
  - Capability inventory: File-read operations are performed by scripts/memory_manifest.py. The agent is expected to perform file-write operations using its native tools to update the memory manifest.
  - Sanitization: No specific filtering or sanitization of the input text is implemented in the prompt template.
Audit Metadata