defragmenting-memory
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes letta memfs backup and letta memfs restore commands. These are legitimate operations using the vendor's official command-line interface to manage agent memory states.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
- Ingestion points: The subagent reads markdown memory files from the agent's memory directory, which may contain untrusted data from previous user interactions.
- Boundary markers: The instructions lack explicit delimiters or warnings to ignore commands embedded within the processed memory files.
- Capability inventory: The subagent is granted full tool access, including the ability to execute shell commands.
- Sanitization: The skill does not perform sanitization on memory content before it is processed by the subagent.
Audit Metadata