memory-manager
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design, as it reloads previously stored user context. Given the absence of high-risk capabilities, this design is considered safe.
  - Ingestion points: Memory files LONG_TERM.md, ACTIVE.md, and logs/ are read during session start.
  - Boundary markers: The skill does not employ delimiters to isolate stored content from current session instructions.
  - Capability inventory: The skill is limited to file system read/write operations and contains no scripts, network calls, or subprocess executions.
  - Sanitization: Stored content is not sanitized or validated before being re-integrated into the agent's context.
Audit Metadata