agent-memory
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection.
- Ingestion points: The agent is instructed to automatically add the content of AGENTS.md to its context if the file exists in the repository root (SKILL.md).
- Boundary markers: There are no instructions to use delimiters or to treat the ingested content as untrusted data, allowing any instructions inside AGENTS.md to potentially influence agent behavior.
- Capability inventory: The agent has the capability to read from and write to the repository's filesystem (SKILL.md, README.md).
- Sanitization: No validation or sanitization is performed on the content loaded from the memory file.
Audit Metadata