para-memory-files

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the 'qmd' utility for indexing ($AGENT_HOME) and performing semantic or keyword searches (qmd query, qmd search, qmd vsearch).
  • [COMMAND_EXECUTION]: The instructions require the agent to manage a file-based database, involving operations such as writing YAML and Markdown files, creating directory structures, and moving folders (e.g., moving items to archives/) using standard shell commands.
  • [COMMAND_EXECUTION]: The skill encourages the agent to self-modify its operational context by updating its own configuration or skill files (AGENTS.md, TOOLS.md) to record 'tacit knowledge' and lessons learned.
  • [PROMPT_INJECTION]: The memory system design creates an indirect prompt injection surface because the agent retrieves and follows instructions from files that may contain unvalidated user input or external data.
    • Ingestion points: Data is read from files in $AGENT_HOME/life/, $AGENT_HOME/memory/, and project-specific plans/ directories.
    • Boundary markers: The provided schemas and instructions do not include specific delimiters or 'ignore' instructions to prevent the agent from mistaking stored data for new system-level commands during retrieval.
    • Capability inventory: The agent has the ability to write to the file system, execute shell commands (qmd), and modify its own skill/configuration files.
    • Sanitization: There are no explicit instructions for the agent to sanitize or escape content before saving it to the memory files or after reading it back for use in the current session.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 07:41 PM