supermemory
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill documentation describes a workflow that is inherently susceptible to indirect prompt injection.
- Ingestion points: The system is designed to ingest external content through the
add()method and API endpoints (/v3/documents), which process text, URLs, and multi-modal files (references/sdk-guide.md). - Boundary markers: Integration examples demonstrate the use of XML-style delimiters like
<context>and<user_profile>to separate retrieved memory from system instructions (references/sdk-integrations.md). - Capability inventory: The agent is explicitly instructed to use retrieved memories to personalize its behavior and generate contextually aware responses (
references/use-cases.md). - Sanitization: There is no mention of specific sanitization, filtering, or validation steps for ingested external data before it is presented to the LLM.
- [EXTERNAL_DOWNLOADS]: The skill references several official and well-known software packages.
- Python packages: Mentions official vendor packages
supermemory,supermemory-openai-sdk, andsupermemory-pipecat, as well as well-known libraries such aslangchain-openai,crewai, and the OpenAIagentsSDK (references/sdk-guide.md,references/sdk-integrations.md). - Node.js packages: Mentions official vendor packages
supermemoryand@supermemory/tools, alongside trusted community packages like@ai-sdk/openaiandlangchain(references/sdk-guide.md,references/sdk-integrations.md). - GitHub Repositories: Provides links to the official
supermemoryaiGitHub organization for open-source resources (README.md).
Audit Metadata