From b555cb4ef245d8fa5eaa5c2893c146c82090321e Mon Sep 17 00:00:00 2001 From: Caio Ribeiro Date: Tue, 16 Jun 2026 01:03:29 +0000 Subject: [PATCH] docs(skills): redact secrets in remember skill --- plugin/skills/remember/EXAMPLES.md | 17 +++++++++++++++++ plugin/skills/remember/SKILL.md | 23 +++++++++++++++++------ 2 files changed, 34 insertions(+), 6 deletions(-) diff --git a/plugin/skills/remember/EXAMPLES.md b/plugin/skills/remember/EXAMPLES.md index e220cb79a..885c381b2 100644 --- a/plugin/skills/remember/EXAMPLES.md +++ b/plugin/skills/remember/EXAMPLES.md @@ -65,3 +65,20 @@ memory_save { ``` Present the confirmation with the concepts echoed back. + +## 4. Saving a security-sensitive note + +User: "Remember that production uses API key `sk-live-example` for the billing provider." + +Invocation: + +```json +memory_save { + "content": "Production billing provider uses an API key; the secret value was redacted and must be retrieved from the secret manager.", + "concepts": "billing-provider, api-key, secret-manager", + "files": "" +} +``` + +Do not store the raw key, password, token, cookie, private key, or connection +string in memory. Preserve the operational fact and retrieval terms only. diff --git a/plugin/skills/remember/SKILL.md b/plugin/skills/remember/SKILL.md index 83e950d6e..65d0d1b37 100644 --- a/plugin/skills/remember/SKILL.md +++ b/plugin/skills/remember/SKILL.md @@ -26,17 +26,22 @@ Saved memory abc12345 with 3 concepts: jwt-refresh-rotation, token-revocation, a ## Why A memory is only as useful as the terms that retrieve it. Tag with specific -concepts so a future `recall` finds it, and preserve the user's own phrasing. +concepts so a future `recall` finds it, and preserve the user's meaning without +persisting credentials, tokens, passwords, or other secrets. ## Workflow 1. Pull the core insight, decision, or fact out of `$ARGUMENTS`. -2. Extract 2-5 lowercased concept phrases. Prefer specific over generic +2. Sanitize sensitive values before constructing `content`. Redact credentials, + API keys, tokens, passwords, private keys, session cookies, connection + strings, and other secrets. Preserve the useful meaning, not the secret + itself. +3. Extract 2-5 lowercased concept phrases. Prefer specific over generic (`jwt-refresh-rotation` beats `auth`). -3. Extract referenced file paths (absolute or repo-relative). Empty if none. -4. Call `memory_save` with `content`, `concepts` (comma-separated string), and +4. Extract referenced file paths (absolute or repo-relative). Empty if none. +5. Call `memory_save` with `content`, `concepts` (comma-separated string), and `files` (comma-separated string). -5. Confirm the save and echo the concepts so the user knows the retrieval terms. +6. Confirm the save and echo the concepts so the user knows the retrieval terms. ## Anti-patterns @@ -44,9 +49,15 @@ WRONG: `concepts: "stuff, code, notes"` (generic tags nothing can find later). RIGHT: `concepts: "jwt-refresh-rotation, token-revocation"` (specific, retrievable). +WRONG: `content: "Production API key is sk-live-..."` (persists a secret). + +RIGHT: `content: "Production API uses a bearer token; the token value was redacted and must be retrieved from the secret manager."` + ## Checklist -- Content preserves the user's phrasing, not a paraphrase. +- Content preserves the user's meaning, but redacts credentials, tokens, + passwords, private keys, session cookies, connection strings, and other + secrets. - Concepts are specific, lowercased, 2-5 items. - File paths are real references, not guesses. - Confirmation echoes the exact concepts tagged.