V3 Memory Unification
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill implements a migration strategy that ingests data from untrusted sources without sanitization or boundary markers.
  - Ingestion points: `migrateFromMarkdown` uses `glob('**/*.md')` to read all markdown files in the directory tree. `migrateFromSQLite` reads all entries from a local SQLite database.
  - Boundary markers: Absent. The skill reads file content and stores it directly into the vector index (`this.agentdb.store`) without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill has file system read access (`fs.readFile`) and persistent storage capabilities via `AgentDBAdapter`. While no direct shell execution is shown, the indexed content influences the agent's semantic search and future reasoning.
  - Sanitization: Absent. There is no validation or filtering of the content being indexed.
- Data Exposure (LOW): The migration logic uses a broad glob pattern (`**/*.md`) which may inadvertently ingest sensitive information contained in markdown notes or documentation files into the agent's memory backend.
Audit Metadata