memory-enhancer
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it automatically extracts and stores user-provided instructions as durable preferences without validation.
- Ingestion points: Natural language input triggers defined in 'SKILL.md' (e.g., 'always...', 'from now on...', 'I prefer...') are used to extract content for storage.
- Boundary markers: No boundary markers or delimiters are used to wrap stored preferences, making it difficult for the agent to distinguish between legitimate system instructions and potentially malicious stored preferences.
- Capability inventory: The skill has the capability to read and write to 'MEMORY.md' and daily log files in the 'memory/' directory.
- Sanitization: No sanitization, filtering, or human-in-the-loop verification is performed on the content before it is persisted to long-term memory. A malicious instruction stored as a preference will be retrieved and followed in future sessions via the 'memory_search' tool.
Audit Metadata