agent-memory
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE; PROMPT_INJECTION
Full Analysis
- [SAFE]: Analysis of the Python and TypeScript code for file-based and database-backed memory found no evidence of malicious intent, obfuscation, or unauthorized data exfiltration. All file and network operations are consistent with the stated purpose of building a persistent knowledge base.
- [PROMPT_INJECTION]: The skill facilitates retrieval-augmented generation (RAG), which creates an inherent surface for indirect prompt injection if stored memories contain malicious instructions.
  - Ingestion points: Files in the 'memory' directory, SQLite database records, and ChromaDB collections.
  - Boundary markers: Not implemented in the provided snippets; the documentation suggests injecting memories into system prompts without recommending specific delimiters.
  - Capability inventory: Local file system access (read/write), SQLite database operations, and network calls to OpenAI's embedding API.
  - Sanitization: None implemented in the templates; content filtering is left to the developer implementing the memory system.