storage-basicmemory
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill documentation indicates reliance on a local script `./scripts/get_project_id.sh` to generate project IDs. While this is a functional requirement for slugification, executing local scripts introduces a vector for command execution.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill is designed to ingest and process external project artifacts (such as Specs, Tasks, and Research) which may contain untrusted data.
  - Ingestion points: Data enters the context via `basicmemory_read_note`, `basicmemory_read_content`, and `basicmemory_search` tools.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or isolate instructions embedded within the artifact content during processing.
  - Capability inventory: The agent possesses capabilities to write, edit, and delete notes, as well as execute local shell scripts.
  - Sanitization: The skill lacks sanitization or validation logic for the content of the artifacts before they are parsed or stored.
Audit Metadata