memory-fabric
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill defines a process for ingesting natural language to create and query a knowledge graph, which is a common surface for indirect prompt injection.
  - Ingestion points: The `extract_entities(text)` function in `entity-extraction.md` and the `mcp__memory__search_nodes` results in `query-merging.md` process potentially untrusted text.
  - Boundary markers: Absent. The provided logic does not demonstrate the use of delimiters (like XML tags or triple quotes) to encapsulate untrusted data when passing it to memory tools.
  - Capability inventory: The skill utilizes MCP memory tools (`create_entities`, `create_relations`, `search_nodes`). It does not demonstrate shell access, file-system modification, or arbitrary code execution.
  - Sanitization: No explicit sanitization or instruction-filtering logic is present for the text stored in entity observations.
- [Remote Code Execution] (SAFE): The Python and JavaScript snippets provided are illustrative logic templates and do not contain patterns for downloading or executing remote code.
- [Data Exfiltration] (SAFE): No sensitive file paths, hardcoded credentials, or unauthorized network requests were found. All external interactions are routed through standard MCP memory tool calls.
Audit Metadata