memory
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on shell commands like `rg` and `jq` to query and process memory logs. If user-provided search terms or inputs are interpolated into these bash command templates without strict escaping, it could lead to shell command injection.
- [PROMPT_INJECTION]: The skill processes historical session data from the file system, creating an indirect prompt injection surface where instructions from past conversations could influence future agent actions. Evidence Chain:
  1. Ingestion points: `state/sessions/*.jsonl` and `state/memory.log`
  2. Boundary markers: Absent
  3. Capability inventory: `bash` (executing `rg`, `jq`, `echo`)
  4. Sanitization: Absent
- [DATA_EXFILTRATION]: The skill accesses sensitive local files containing conversation transcripts and user preferences. Although this is the primary purpose of the memory skill, it involves the handling of potentially sensitive personal information.
Audit Metadata