knowledge-graph

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the @modelcontextprotocol/server-memory package from the NPM registry using the npx -y command. This automates the execution of remote code to provide the memory server functionality.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute configuration commands and run the MCP memory server, which involves creating local directories and setting environment variables for storage paths.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and stores untrusted data as observations.
  • Ingestion points: Untrusted text enters the system through the create_entities and add_observations tools as documented in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions are used to isolate stored observations from the agent's system instructions when the graph is read back into context.
  • Capability inventory: The agent possesses powerful tools including Bash, Write, Edit, and Grep, which could be misused if malicious instructions are retrieved from the knowledge graph.
  • Sanitization: There is no evidence of input validation or escaping for the observation content before it is stored or processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 04:50 PM