memory-checkpoint
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, NO_CODE)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill implements a workflow that ingests untrusted data and applies it to persistent file storage, creating a vulnerability where malicious instructions can be 'parked' in the agent's memory.
  1. Ingestion points: Ingests conversation turns, technical summaries, and user-provided descriptions from the active chat history.
  2. Boundary markers: Absent. The Markdown templates provided do not use delimiters or instructions to treat the content as data-only.
  3. Capability inventory: Possesses file-write capabilities for multiple documentation files in the memory-bank/ directory (activeContext.md, progress.md, decisionLog.md, architect.md).
  4. Sanitization: Absent. There is no logic to escape or filter user content before interpolation into the memory bank files.
Recommendations
- AI detected serious security threats
Audit Metadata