agents-project-memory
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill describes how to structure and load project-level instruction files (AGENTS.md, CLAUDE.md), which serve as ingestion points for agent context. This creates a surface for indirect prompt injection where an attacker could influence the agent by adding malicious instructions to these files.
- Ingestion points: The skill explicitly directs the agent to load content from CLAUDE.md, AGENTS.md, and files within the .claude/rules/ directory.
- Boundary markers: The skill places no explicit delimiters around content loaded from these memory files and gives no instruction to disregard commands embedded in them.
- Capability inventory: The skill assumes the capability to execute local shell scripts (bash) and perform Git operations (worktrees, commits, PRs).
- Sanitization: No sanitization or validation mechanisms for the content of the memory files are described.
- [COMMAND_EXECUTION]: The skill references the execution of repository-local workflow scripts such as ./scripts/git/feature-workflow.sh and a bundled linter located at frameworks/shared-skills/skills/agents-project-memory/scripts/lint_claude_memory.sh. These are used for development automation and project memory validation.