memory-recall
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script,
ov_memory.py, using the Bash tool. The command string dynamically incorporates the$ARGUMENTSvariable, which contains user input, into the execution path. - [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by processing external data from a session state file. This is classified as a vulnerability surface rather than a confirmed injection.
- Ingestion points: Historical memories are read from the
.openviking/memory/session_state.jsonfile. - Boundary markers: The instructions do not define specific delimiters or instructions to separate retrieved data from the agent's core instructions.
- Capability inventory: The skill has access to the Bash tool, allowing for the execution of scripts and system commands.
- Sanitization: No explicit sanitization or validation of the retrieved memory data is performed before it is presented to the main agent.
Audit Metadata