memory-updater
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill functions as a memory management system, reading and writing content to local markdown files. This creates a surface where external or user-provided data could be written into documentation and later interpreted as instructions by the agent. Evidence:
  1. Ingestion points: The tools 'memory_bank_update_progress', 'memory_bank_update_context', and 'memory_bank_log_decision' accept user-influenced strings to update files.
  2. Boundary markers: Absent; there are no specific instructions or delimiters defined to prevent the agent from obeying instructions embedded in these memory files.
  3. Capability inventory: The skill utilizes 'memory_bank_show_memory' to read files and various update tools to modify local .md files.
  4. Sanitization: Absent; no validation or escaping logic for the input strings is specified in the skill description.
- [SAFE] (SAFE): No patterns related to credential theft, remote code execution, or persistence were detected. The tools used are local MCP components for project tracking.
Audit Metadata