conversation-memory

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (SAFE): The skill describes systems designed to ingest and retrieve untrusted user input. While this is an inherent vulnerability surface for memory-based agents, the skill provides architectural patterns to mitigate these risks.
      • Ingestion points: Patterns in references/patterns.md (addMessage, extractAndStore) and references/sharp_edges.md (ManagedMemory.add) define how user data enters the system.
      • Boundary markers: The promptWithMemory function in references/patterns.md demonstrates the use of Markdown headers (e.g., ## User Context, ## Recent Conversation) to separate untrusted data from instructions.
      • Capability inventory: The skill uses llm.complete for entity extraction and query response, which is standard for memory augmentation.
      • Sanitization: The skill demonstrates importance scoring and regex filtering (e.g., detecting user preferences) to control which data is stored, although it does not provide explicit input escaping scripts.
  • Data Exposure & Exfiltration (SAFE): The skill includes defensive patterns for user isolation, specifically the IsolatedMemory class in references/sharp_edges.md, which enforces userId filtering on all search and delete operations to prevent cross-user data leakage.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:11 PM