memory-bank
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface via persistent storage.
  - Ingestion points: The agent reads data from files located in the `./memory/` directory (SKILL.md).
  - Boundary markers: While the skill uses YAML frontmatter, it lacks explicit boundary markers or system instructions to disregard commands found within the body of memory files.
  - Capability inventory: The agent can execute shell commands (`ls`, `head`, `rg`) and use native file tools to read and write content.
  - Sanitization: There is no evidence of content sanitization or filtering before storage or after retrieval.
- [COMMAND_EXECUTION]: Usage of shell commands for file management and searching.
  - The skill explicitly directs the agent to use `ls`, `head`, and `rg` (ripgrep) to interact with memory files.
  - These commands are restricted to a local directory, but they represent an active command execution capability.
Audit Metadata