memory-fabric

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its architecture of retrieving and processing stored memories.
      • Ingestion points: Data enters the agent's context through the mcp__memory__search_nodes tool which queries a knowledge graph.
      • Boundary markers: Absent. The skill does not implement delimiters or specific instructions to treat graph-retrieved text as untrusted data.
      • Capability inventory: The skill has access to the Bash tool, file reading via Read, and full manipulation of the memory graph.
      • Sanitization: Absent. The extraction and normalization logic described in references/entity-extraction.md and references/query-merging.md performs no filtering or sanitization of input text to prevent instruction injection.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool and references shell scripts (prompt/memory-fabric-context.sh, stop/memory-fabric-sync.sh) for session lifecycle management. While standard for orchestration, the combination of shell access with the processing of untrusted memory data increases the potential impact of an injection attack.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @anthropic/memory-mcp-server via npx. This is an official package from Anthropic, a well-known and trusted organization.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 03:18 PM