bedrock-agentcore-memory

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly stores arbitrary user-provided messages via client.create_event (Store Interaction Events) and later retrieves them with client.retrieve_memory_records / get_relevant_memories and injects the returned memory content into the agent's prompt (enhanced_prompt), which exposes the agent to untrusted user-generated content that could carry indirect prompt-injection instructions.