memory
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE (flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the 'sentence-transformers' package via pip and fetches pre-trained embedding models (e.g., 'BAAI/bge-small-zh-v1.5') from HuggingFace. These are standard operations for a skill implementing semantic search using established libraries and well-known services.
- [COMMAND_EXECUTION]: Several Python scripts use `subprocess.run` or `subprocess.call` to manage internal operations. These include:
  - Forwarding installation commands to the initialization script in `main.py`.
  - Installing necessary Python dependencies (`sentence-transformers`) in `scripts/service/init/helpers.py`.
  - Triggering the index synchronization script (`sync_index.py`) in `scripts/service/manage/commands/_helpers.py` and `scripts/service/hooks/sync_and_cleanup.py`.
  - Launching 'datasette' for database visualization in `scripts/service/manage/commands/cmd_db.py`.
  All detected executions target the local Python interpreter or its installed modules for legitimate system functionality.
- [DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were detected. Network activity is limited to downloading models from HuggingFace. Local memory data (facts, summaries, logs) is stored within the project's `.cursor/skills/memory-data/` directory or a global `~/.memory/` folder.
- [PROMPT_INJECTION]: The instructions in `SKILL.md` and `memory-rules.mdc` utilize strong imperative language (e.g., "Mandatory", "Must") to define the agent's memory-handling logic. This is standard for technical guidelines and does not represent an attempt to bypass AI safety filters.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data (user messages and prior conversation history) and stores it in memory files. While this creates a surface for indirect injection, the skill includes basic content sanitization in `save_fact.py` and uses structured data formats to minimize risk.
Audit Metadata