memory-recall
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection (!bash) to automatically identify the repository root and derive the vector database collection name when the skill is first loaded.
- [COMMAND_EXECUTION]: The instructions direct the agent to use the Bash tool for running the memsearch utility, performing filesystem searches with grep, and executing a local Python script for transcript processing.
- [EXTERNAL_DOWNLOADS]: The skill recommends using the uvx tool to dynamically download and execute the memsearch package from the Python Package Index (PyPI) if it is not found on the local path.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes content from historical conversation logs and project notes that could potentially contain malicious instructions from prior sessions.
  - Ingestion points: Historical session files in .memsearch/memory/*.md and transcript JSONL files referenced in the search results.
  - Boundary markers: Absent; there are no specific instructions or delimiters provided to ensure the agent ignores embedded instructions within retrieved data.
  - Capability inventory: The skill uses the Bash tool for search operations, filesystem traversal, and local script execution as defined in SKILL.md.
  - Sanitization: Absent; retrieved memories are summarized and returned to the primary conversation context without prior validation or filtering.
Audit Metadata