memory-init
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs project indexing using standard file access and a vendor-specific tool (supermemory_add) for data persistence, which is consistent with its described functionality.
- [NO_CODE]: The skill is composed entirely of markdown instructions and does not include any scripts, executables, or third-party dependencies.
- [PROMPT_INJECTION]: The skill has an inherent attack surface for indirect prompt injection as it processes untrusted data from local codebases.
- Ingestion points: Local project files such as package.json, README, and core source files.
- Boundary markers: None present to delimit codebase content from agent instructions.
- Capability inventory: Utilizes the supermemory_add tool to save processed information to memory.
- Sanitization: No explicit sanitization or validation of the ingested content is defined.
Audit Metadata