memory-management
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE; PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates data from various memory tiers into the agent context.
  - Ingestion points: Data is read from the Deep Storage tier (including MEMORY_DOMAIN_DIR, MEMORY_DESIGN_DIR, and MEMORY_GOVERNANCE_DIR) and the Vault tier (Obsidian via VAULT_PATH).
  - Boundary markers: There are no explicit instructions or delimiters defined to isolate retrieved memory content from the system prompt or to warn the agent against executing instructions contained within those files.
  - Capability inventory: The skill is configured with Read and Write tool permissions, allowing it to interact with the local filesystem and manage memory tiers.
  - Sanitization: The architecture does not specify any sanitization, validation, or filtering of the content retrieved from the memory tiers before processing.
- [DATA_EXFILTRATION]: The architecture supports external persistence of session traces to well-known remote platforms. The Soul tier facilitates the synchronization of session data to services like HuggingFace Hub as part of its intended cognitive continuity function, which involves transmitting session context off-system.