memory-lancedb-pro-use
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides commands to install the 'memory-lancedb-pro' package from npm (npm i memory-lancedb-pro@beta) and suggests cloning the official source code from a GitHub repository (github.com/CortexReach/memory-lancedb-pro).
- [PROMPT_INJECTION]: The skill implements a long-term memory system that ingests user-provided text and re-injects it into the agent's context, creating a surface for indirect prompt injection. 1. Ingestion points: Conversation turns (user and assistant messages) are captured via the agent_end hook and processed into the LanceDB database. 2. Boundary markers: Documentation explicitly identifies the use of XML delimiters () and prepends a [UNTRUSTED DATA] warning to all retrieved memory content before it is provided to the agent. 3. Capability inventory: The plugin provides tools for storing, searching, and updating memory records but does not include functionality to execute code or shell commands derived from the memory text. 4. Sanitization: Memories are categorized and assigned confidence scores during extraction; the system uses these metadata fields to filter and structure content before it is injected back into the prompt.
Audit Metadata