memory-management

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the alma CLI tool to interact with the file system and perform memory-related tasks. It manages data in the threads/ workspace directory and the ~/.config/alma/ directory. These operations are restricted to the vendor's established toolset and data paths.
  • [PROMPT_INJECTION]: The skill processes historical data, which introduces a potential surface for indirect prompt injection. Content from past interactions or group logs could contain instructions that influence the agent's behavior upon retrieval.
      • Ingestion points: Conversation archives in threads/, group chat logs in ~/.config/alma/groups/, and per-person profiles in ~/.config/alma/people/.
      • Boundary markers: The skill does not define specific delimiters or instructions to ignore potential commands within the retrieved memory content.
      • Capability inventory: The agent has access to Bash, Read, and Write tools to perform operations mediated by the alma CLI.
      • Sanitization: There is no evidence of content sanitization or validation for retrieved memory or log data prior to its inclusion in the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 09:32 AM