agent-memory
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and store external information, which creates a vulnerability surface where malicious instructions could be saved and later processed as authoritative commands.
  - Ingestion points: Files saved to and read from `.claude/skills/agent-memory/memories/`.
  - Boundary markers: Absent. The agent uses ripgrep to find summaries but reads the full content of memory files without specific delimiters or isolation to prevent instruction execution.
  - Capability inventory: The skill utilizes shell execution for file management, including `mkdir`, `cat`, `trash`, and `ripgrep`.
  - Sanitization: Absent. There is no evidence of validation or sanitization of content before it is stored in the persistent memory.
- [COMMAND_EXECUTION] (SAFE): The skill uses standard local shell commands (`ls`, `mkdir`, `cat`, `trash`, `rg`) to manage the memory directory. The use of quoted heredocs (`cat > ... << 'EOF'`) in the documentation is a positive security practice that prevents shell expansion during file creation.
Audit Metadata