AgentDB Memory Patterns
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill extensively uses npx agentdb@latest for initialization, MCP setup, and plugin creation. This fetches code from the public npm registry without version pinning, creating a supply chain risk.
- REMOTE_CODE_EXECUTION (MEDIUM): Executing npx agentdb@latest is a form of remote code execution. Since the publisher 'ruvnet' is not in the trusted organizations list, the code executed is unverifiable.
- COMMAND_EXECUTION (MEDIUM): The skill provides instructions to modify local environments, specifically adding a persistent MCP server via claude mcp add. While intended, this establishes a persistent execution channel for an external package.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted conversational data and stores it in a vector database for later retrieval and 'context synthesis', which can influence the agent's behavior during subsequent sessions.
- Ingestion points: Data entering through adapter.insertPattern and db.storeMemory from user interactions.
- Boundary markers: None identified in the code snippets to separate stored memories from system instructions.
- Capability inventory: Subprocess execution via npx, file system writing for databases, and network access for package updates.
- Sanitization: No evidence of input sanitization or validation of stored patterns before context synthesis.
Audit Metadata