pact-memory
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes
git rev-parsefor project root detection and system utilities likevm_stator/proc/meminfoto monitor resource availability before intensive operations. These calls are functional and do not accept unsanitized user input. - [EXTERNAL_DOWNLOADS]: Initialization logic includes downloading well-known packages (
pysqlite3,sqlite-vec,model2vec) from PyPI and an embedding model from HuggingFace. These target well-known services and are necessary for the skill's operation. - [PROMPT_INJECTION]: As a memory tool, the skill ingests text that could contain indirect prompt injection markers. However, it mitigates technical injection risks through structured data handling and parameterized database operations. The surface is inherent to the intended primary skill purpose.
- [REMOTE_CODE_EXECUTION]: Dependency management is handled via standard pip installation of verified packages. The skill does not execute arbitrary remote scripts or untrusted payloads.
Audit Metadata