Agent Memory Privacy Check

Audit AI agent memory files for privacy risk and bloat.

Install
cmdop skills install agensi-agent-memory-privacy-check

Agent Memory Privacy Check is a skill published by agensi that audits durable AI agent memory files for privacy risks and quality problems. It targets a specific set of file formats commonly used to persist agent state: SOUL.md, MEMORY.md, USER.md, AGENT.md, USER_PROFILE.md, WORKING_MEMORY.md, HANDOFF.md, and OBSERVATIONS.md.

The audit looks for several categories of problem: secrets stored in memory, stale assumptions that may no longer reflect reality, unsupported personal claims about users, raw transcript hoarding, sensitive personal data that should not be retained, and general memory bloat that can degrade agent usefulness or safety over time.

The skill includes specific support for Hermes-style memory architectures. For those setups it enforces known hot-memory budgets, checking that MEMORY.md stays within 2,200 characters and USER.md within 1,375 characters.

This is a lightweight audit pass, not a full continuity-curation workflow. It is suited as a first step for developers or users who want to verify that an agent’s persistent memory does not accumulate risky or wasteful content before investing in deeper memory management tooling. No tools are exposed directly; the skill operates as a self-contained audit capability. There are no environment variables to configure and no package registry entry is associated with it.

Use cases

  • Audit an agent's MEMORY.md file to detect stored secrets or credentials before deployment
  • Check USER.md for unsupported personal claims or sensitive personal data that should be removed
  • Verify Hermes-style memory files stay within the 2,200-character and 1,375-character hot-memory budgets
  • Identify raw transcript hoarding across HANDOFF.md or OBSERVATIONS.md files
  • Spot stale assumptions in AGENT.md or WORKING_MEMORY.md that could cause unsafe or incorrect agent behavior
  • Run a quick pre-release privacy check on all durable memory files in an agent project

When to use it

  • When an agent uses persistent markdown-based memory files and privacy or safety of stored content needs verification
  • When working with a Hermes-style memory architecture and wanting to enforce character budget limits
  • When preparing an agent for production and wanting a lightweight first-pass audit before deeper curation work
  • When a user reports unexpected or sensitive data appearing in agent responses that may originate from stale memory

When not to use it

  • When memory is stored in a database or vector store rather than markdown files — this skill targets specific .md file formats only
  • When a full continuity-curation or memory management workflow is needed, not just a lightweight audit
  • When the agent runtime does not use any of the supported memory file formats
  • When no durable agent memory files exist to audit