agent-tool-design
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The 'Memory Protocol' defined in SKILL.md introduces a surface for indirect prompt injection. It requires the agent to read from .claude/context/memory/learnings.md before starting, without providing boundary markers or instructions to treat the content as data rather than instructions.
- Ingestion points: The agent is instructed to read from .claude/context/memory/learnings.md at the start of every task.
- Boundary markers: Absent. There are no delimiters or instructions to prevent the agent from obeying instructions embedded within the memory files.
- Capability inventory: The skill utilizes Read, Write, and Bash tools, which are sufficient to read from and write to the specified file paths.
- Sanitization: Absent. There is no mechanism described to validate or sanitize the contents of the memory files before they are read into the agent's context.
Audit Metadata