Skills
skills/leoyeai/openclaw-master-skills/remembering-conversations/Gen Agent Trust Hub

remembering-conversations

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill documents the use of the mcp__plugin_episodic-memory_episodic-memory__read tool in MCP-TOOLS.md, which accepts an absolute file path parameter. Although intended for reading conversation archives (e.g., in ~/.config/), this interface allows the agent to access arbitrary sensitive files on the local filesystem if directed by a malicious prompt.
  • [PROMPT_INJECTION]: The skill presents a surface for Indirect Prompt Injection (Category 8) because it retrieves and processes untrusted historical conversation data.
  • Ingestion points: Data is ingested via the search and read tools defined in MCP-TOOLS.md.
  • Boundary markers: Absent. The instructions in SKILL.md do not require the agent to use delimiters or ignore instructions embedded within the retrieved history.
  • Capability inventory: The agent has the capability to read files and synthesize potentially untrusted content into its current reasoning context.
  • Sanitization: Absent. No validation or filtering is applied to the conversation content before it is synthesized by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 03:39 AM