hybrid-memory
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements legitimate memory management functionality using a self-contained SQLite database with no evidence of malicious intent.
- [EXTERNAL_DOWNLOADS]: The skill communicates with the OpenAI API for embedding generation. This is a well-known service and the interaction is necessary for the skill's semantic search features.
- [COMMAND_EXECUTION]: Includes several CLI binaries for managing the database. Analysis confirms these scripts are standard Node.js applications that do not execute arbitrary shell commands or perform unsafe subprocess spawning.
- [DATA_EXFILTRATION]: Features a tool to ingest local files into the memory system. This is an intended core functionality for building knowledge bases and does not target sensitive system files or exfiltrate data to untrusted domains.
- [PROMPT_INJECTION]: The skill architecture creates a standard surface for indirect prompt injection common in memory systems.
- Ingestion points: Data enters the system through lib/store.js via manual entry or file ingestion.
- Boundary markers: The skill documentation suggests using markdown separators, but no explicit instructions are added to the tool output to prevent the model from obeying instructions embedded in retrieved memories.
- Capability inventory: Local file system access for database operations and network access to the OpenAI API.
- Sanitization: No content filtering or validation is performed on stored memory strings.
Audit Metadata