memory
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it retrieves and processes content from an external memory store that may be influenced by previous interactions or external data.
- Ingestion points: Data is ingested through the
cortex_get_memorytool across several workflows (e.g.,references/workflows/session-start.md). - Boundary markers: The instructions do not define specific delimiters or escaping mechanisms when the agent processes retrieved memory content.
- Capability inventory: The skill possesses capabilities to read, write, and structure data within the Cortex MCP environment. It does not possess direct file system, shell, or network access.
- Sanitization: While rule 7 in
SKILL.mdmandates redacting secrets before storage, there is no explicit instruction to sanitize or ignore potential command-like patterns within the retrieved memory content.
Audit Metadata