docs(skills): redact secrets in remember skill #941

Open: caioribeiroclw-pixel wants to merge 1 commit into rohitg00:main from caioribeiroclw-pixel:caio/remember-redact-secrets

@caioribeiroclw-pixel caioribeiroclw-pixel commented Jun 16, 2026

Summary

  • update the remember skill to preserve meaning while redacting credentials/secrets
  • add a workflow sanitization step before memory_save
  • add an example for storing a security-sensitive operational note without persisting the raw secret

Why

This addresses #911's W007 finding: the previous wording asked agents to preserve the user's phrasing, which can cause raw API keys, tokens, passwords, cookies, private keys, or connection strings to be saved into long-term memory.

Verification

  • git diff --check
  • npm run skills:check not run locally because this fresh shallow clone does not have node_modules installed

Summary by CodeRabbit

  • Documentation
    • Added a worked example demonstrating secure storage of security-sensitive information with the remember skill, including explicit guidance to avoid storing raw secrets
    • Enhanced skill documentation with refined guidance on converting inputs into long-term memory while preserving meaning and redacting sensitive values
    • Expanded anti-patterns section with clearer examples of what not to store and how to properly phrase redacted content
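
The sanitization step this PR describes (redact the secret value, keep the meaning and the secret-manager location) can be sketched as below. This is an added example, not part of the pull request or the agentmemory code; the function name `sanitizeForMemory`, the rule names, the patterns and the sample note are all assumptions constructed for illustration.

```javascript
// Added example: redact secret values before a note is persisted to long-term memory.
// Rule names and patterns are illustrative assumptions, not the project's own rules.
const RULES = [
  // PEM private key blocks (multi-line)
  { kind: "private-key",
    re: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g,
    to: () => "[REDACTED private-key]" },
  // Password embedded in a connection string: scheme://user:password@host
  { kind: "connection-string",
    re: /\b([a-z][a-z0-9+.-]*:\/\/)([^\s:\/@]+):([^\s@\/]+)@/gi,
    to: (_m, scheme, user) => `${scheme}${user}:[REDACTED password]@` },
  // Authorization: Bearer <token>
  { kind: "token",
    re: /\b(Bearer)\s+[A-Za-z0-9._~+\/-]+=*/g,
    to: (_m, word) => `${word} [REDACTED token]` },
  // Cookie / Set-Cookie header values
  { kind: "cookie",
    re: /\b((?:Set-)?Cookie:\s*)[^\r\n]+/gi,
    to: (_m, prefix) => `${prefix}[REDACTED cookie]` },
  // key=value or key: value where the key name marks the value as sensitive
  { kind: "assigned-secret",
    re: /\b((?:api[ _-]?key|secret|token|password|passwd|pwd)\b\s*[:=]\s*)["']?[^\s"',;]+["']?/gi,
    to: (_m, prefix) => `${prefix}[REDACTED]` },
];

// Returns the redacted text plus the kinds of secret that were found, so the
// caller can decide whether to save, warn, or ask the user to confirm.
function sanitizeForMemory(text) {
  const found = new Set();
  let content = text;
  for (const { kind, re, to } of RULES) {
    content = content.replace(re, (...args) => { found.add(kind); return to(...args); });
  }
  return { content, redacted: [...found] };
}

// Constructed sample note; every credential-looking value here is fake.
const note = [
  "Billing provider API key lives in the secret manager at billing/prod/api-key.",
  "api_key=EXAMPLE-NOT-A-REAL-KEY-0000",
  "Staging DB: postgres://app:examplePassw0rd@db.internal.example:5432/billing",
  "Authorization: Bearer EXAMPLE.TOKEN.VALUE",
].join("\n");

console.log(sanitizeForMemory(note));
```

Pattern matching of this kind only catches secrets that announce themselves by format or by key name; a bare high-entropy string pasted without context passes through, which is why the skill's instruction to the agent still matters alongside any filter.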

vercel Bot commented Jun 16, 2026

@caioribeiroclw-pixel is attempting to deploy a commit to the rohitg00's projects Team on Vercel.

A member of the Team first needs to authorize it.

coderabbitai Bot commented Jun 16, 2026

Contributor

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b99c2576-7fc6-4f55-b317-8da349d0bb45

📥 Commits

Reviewing files that changed from the base of the PR and between f6f9e3c and b555cb4.

📒 Files selected for processing (2)
  • plugin/skills/remember/EXAMPLES.md
  • plugin/skills/remember/SKILL.md

Walkthrough

The remember skill documentation is updated to explicitly address secret sanitization. SKILL.md refines the Why, Workflow, Anti-patterns, and Checklist sections to instruct agents to redact credentials before storing memory content. EXAMPLES.md adds a worked example demonstrating correct handling of a billing-provider API key.

Changes

remember skill: secret sanitization documentation

| Layer / File(s) | Summary |
| --- | --- |
| SKILL.md: Why, Workflow, Anti-patterns, and Checklist (plugin/skills/remember/SKILL.md) | Why section adds explicit prohibition on persisting credentials/tokens/passwords. Workflow gains a sanitization step for sensitive values before building content. Anti-patterns section is expanded with concrete wrong/right pairs showing redacted phrasing. Checklist is revised to require meaning preservation with secret redaction. |
| EXAMPLES.md: security-sensitive note example (plugin/skills/remember/EXAMPLES.md) | Adds example 4 ("Saving a security-sensitive note") with a memory_save call that stores only the retrieval concept and secret-manager location, with a note prohibiting raw secret values in memory. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related issues

Possibly related PRs

  • rohitg00/agentmemory#854: Overlaps with this PR's updates to remember skill documentation in EXAMPLES.md and SKILL.md.

Poem

🐇 A bunny once stored a secret key—
But now the docs say, "Nope, not for me!"
Remember the concept, the vault, the name,
But raw credentials? That's a dangerous game.
Redact, preserve meaning, and hop along free! 🔐

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'docs(skills): redact secrets in remember skill' accurately summarizes the main objective of the PR, which is updating documentation to implement secret redaction in the remember skill. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
