agent-memory
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it automatically incorporates the contents of AGENTS.md into the agent's context.
  - Ingestion points: AGENTS.md file in the repository root (referenced in SKILL.md and README.md).
  - Boundary markers: Absent. The instructions do not specify using delimiters or headers to isolate content from AGENTS.md from the agent's system instructions.
  - Capability inventory: File system read/write operations (via agent tools).
  - Sanitization: Absent. There is no mention of validating or sanitizing the content retrieved from the file before it is added to the context.