memory-remember
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [PROMPT_INJECTION]: No evidence of direct instructions to bypass safety filters or override system constraints was found.
- [DATA_EXFILTRATION]: The skill manages information locally and does not contain any network-facing commands (like curl or fetch) or hardcoded credentials. It only interacts with files within the
.claude/directory. - [INDIRECT_PROMPT_INJECTION]: The skill acts as an ingestion point for user-provided data that is subsequently stored in persistent files. This creates a potential surface for indirect prompt injection.
- Ingestion points: The skill captures user preferences, decisions, and conversation topics directly from the chat context (SKILL.md).
- Boundary markers: There are no specific delimiters or instruction-ignore markers defined for the data being written to memory files.
- Capability inventory: The skill utilizes file read and write operations to update memory logs and configuration files.
- Sanitization: No explicit sanitization or validation logic is present to filter executable instructions from the user data before storage.
Audit Metadata