graphiti
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through its user-facing tools.
  - Ingestion points: The graphiti_search and graphiti_add tools in SKILL.md ingest user input via the YOUR_QUERY and EPISODE_CONTENT placeholders.
  - Boundary markers: No delimiters or markers are used to separate user data from the command logic.
  - Capability inventory: The skill can execute shell commands and perform network operations.
  - Sanitization: There is no evidence of escaping or validation for user input before it is used in a bash shell context.
- [COMMAND_EXECUTION]: Tools in SKILL.md execute bash commands that are constructed by interpolating user input directly into single-quoted strings. This pattern is vulnerable to command injection if the input contains shell metacharacters like single quotes or backticks.