memory-cache
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOW
PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to cache 'expensive API results' and 'search results' (Category 8c: Tool output poisoning).
  - Ingestion points: Data enters the system via the `set` command in `scripts/cache_manager.py` (lines 191-201).
  - Boundary markers: None identified. The script stores raw string or JSON data without sanitization or injection-resistant wrapping.
  - Capability inventory: While this specific script only performs Redis operations, `SKILL.md` (lines 4-5) explicitly states it is used to 'save context' for 'agent sessions'. This creates a high-risk surface where an agent might read and trust data from the cache that originated from an untrusted external API.
  - Sanitization: No sanitization of the `value` is performed before storage or after retrieval.
- [Credential Exposure] (MEDIUM): The script `scripts/cache_manager.py` (lines 35-43) reads `REDIS_PASSWORD` from environment variables. While this is standard practice, the use of a `.env` file increases the risk of accidental exposure if the environment is not properly secured.
- [Command Execution] (LOW): The skill documentation describes a wrapper script `scripts/cache` (not provided in the files) that 'creates a venv and installs dependencies' (SKILL.md line 12). Automated environment setup can sometimes be leveraged for unintended execution, though it is a common convenience feature.
Audit Metadata