memory
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell scripts (
scripts/init.sh,scripts/sync-pull.sh,scripts/sync-push.sh) to manage its local storage directory and interact with CLI tools. These scripts use standard utilities likesed,awk, andgrepto parse and update local markdown files. - [EXTERNAL_DOWNLOADS]: The skill interacts with GitHub and GitLab through their official CLI tools (
ghandglab). This network activity is used to synchronize issue status and is consistent with the skill's primary purpose of cross-session continuity. - [PROMPT_INJECTION]: The synchronization mechanism presents a surface for indirect prompt injection.
- Ingestion points: Data from remote issue titles and statuses is fetched by
scripts/sync-pull.shand intended to be processed by the agent or stored incontext.md. - Boundary markers: No specific delimiters or instructions are used to distinguish external issue data from the skill's own instructions.
- Capability inventory: The skill possesses capabilities for file modification and interaction with remote repository APIs via the included scripts and developer CLIs.
- Sanitization: There is no evidence of sanitization or validation performed on the external issue content before it is integrated into the agent's context.
Audit Metadata