memory-palace
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's primary mechanism involves reading and interpreting untrusted data from the filesystem, presenting a significant vulnerability surface. 1. Ingestion points: The agent uses the 'read_file' tool to access 'ENTRY.md', 'MAP.yml', 'ROOM.md', and arbitrary 'artifact' files. 2. Boundary markers: There are no delimiters or instructions to treat file content as passive data rather than active instructions. 3. Capability inventory: The agent has 'write_file' and 'list_dir' permissions, which could be leveraged by a successful injection to modify the environment. 4. Sanitization: No sanitization or filtering of file content is performed before processing.
- [Metadata Poisoning] (MEDIUM): The 'skill-snitch-report.md' file contains deceptive safety claims ('Risk Level: ZERO', 'Verdict: APPROVE'). These self-referential statements are designed to override security assessments and could mislead users about the skill's inherent risks.
Recommendations
- AI detected serious security threats
Audit Metadata