ralph-memories
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (LOW): Potential for Indirect Prompt Injection. The skill is designed to persist and later 'prime' the agent's context with content from a local file (`.agent/memories.md`). If an attacker can influence the contents of this file (e.g., via a malicious pull request or by tricking the user into adding a specific memory), they could inject instructions that affect the agent's behavior in future sessions.
  - Ingestion points: The agent reads untrusted data from `.agent/memories.md` using `search`, `list`, `show`, and `prime` commands.
  - Boundary markers: None specified; the agent appears to ingest the memory content directly into its context.
  - Capability inventory: The skill allows for file-writing (`add`, `delete`) and shell execution (`grep`, `sort`).
  - Sanitization: No sanitization or validation of the memory content is mentioned.
- [Command Execution] (LOW): The skill documentation explicitly suggests the use of shell commands like `grep` and `sort` to process the `.agent/memories.md` file. While these are common utilities, piping untrusted file content into shell commands carries a minor risk of command injection if the execution environment does not properly escape arguments.