memory-design-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill provides templates for ingesting and retrieving untrusted user data as memory context, creating a surface for indirect prompt injection.
  - Ingestion points: templates/multi-level-memory-pattern.py functions add_user_memory, add_agent_memory, and add_session_memory.
  - Boundary markers: Not implemented in the provided Python templates to separate memory context from system instructions.
  - Capability inventory: Retrieved memories are aggregated into context intended to influence LLM response generation.
  - Sanitization: While not implemented in the functional templates, the included scripts/audit-memory-security.sh script specifically flags missing PII filtering and sanitization as critical issues and provides implementation examples.
- [SAFE] (SAFE): Shell scripts follow safe coding practices, including proper variable quoting and using environment variables for sensitive API keys. No hardcoded credentials, obfuscation, or unauthorized persistence mechanisms were detected.
Audit Metadata