Skills
skills/openclaw/skills/session-memory/Gen Agent Trust Hub

session-memory

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from past sessions into the agent's memory store.
  • Ingestion points: scripts/session-to-memory.js and scripts/session-search.js read session transcripts from ~/.openclaw/agents/main/sessions/.
  • Boundary markers: The scripts use standard Markdown headers (e.g., ## Session summary, ### Session [ID]) to structure the memory files, but these do not include explicit instructions for the AI to ignore embedded commands.
  • Capability inventory: session-to-memory.js uses fs.writeFileSync to create or modify files in the memory/ directory, which serves as the agent's primary source for context retrieval and citations.
  • Sanitization: The scripts perform basic formatting (truncation to 800 characters, newline removal) but do not sanitize or filter the content of messages for prompt injection patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 12:00 AM