memory-manager
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to adopt a persistent identity and principles defined in SOUL.md (e.g., "Loyal to user, not abstractions"), which acts as a cross-session instruction override.
- [PROMPT_INJECTION]: The skill's memory consolidation mechanism creates a surface for indirect prompt injection.
  - Ingestion points: Behavioral and contextual data are read from SOUL.md and USER.md within the @{skill_dir}/memory/ directory at the start of every session.
  - Boundary markers: The skill lacks explicit delimiters or instructions to treat memory as data rather than commands, allowing stored user input to potentially influence agent logic.
  - Capability inventory: The skill uses file system access to read and write history, profile, and soul files in its local directory.
  - Sanitization: There is no evidence of content validation or sanitization to prevent malicious instructions provided by the user in one session from being persisted and executed in a subsequent session.
- [NO_CODE]: The skill is composed entirely of natural language instructions in Markdown format and does not include any scripts, binaries, or external dependencies.