remember

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill acts as an ingestion point for project memory, storing user-supplied text into a persistent knowledge graph using mcp__memory__create_entities and mcp__memory__add_observations. This creates a surface for indirect prompt injection as malicious instructions could be stored and retrieved in future sessions.
  • Ingestion points: Untrusted user input enters the agent context through the $ARGUMENTS variable in the SKILL.md workflow.
  • Boundary markers: The skill does not implement boundary markers or instructions to ignore embedded prompts within the stored content.
  • Capability inventory: The skill allows modification of the agent's long-term memory via knowledge graph entities, observations, and relationships.
  • Sanitization: No sanitization, escaping, or validation of the input text for potential instructions is performed before storage.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 19, 2026, 02:03 AM