agent-memory
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): Hardcoded sensitive API keys and database credentials were found in scripts/memory_engine.py, including LANGFUSE_SECRET_KEY ('sk-lf-115cb6b4-7153-4fe6-9255-bf28f8b115de') and a default NEO4J_PASSWORD ('agxntsix2026').
- [COMMAND_EXECUTION] (HIGH): The scripts/structured_db.py file includes a 'query' command that executes raw, unvalidated SQL strings provided as arguments, granting full control over the local SQLite database.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The scripts/setup_brain.sh script installs a wide range of Python packages (e.g., mem0ai, qdrant-client, pandas) from PyPI without version pinning, which can lead to supply chain vulnerabilities.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection because its core function is storing external content (e.g., web research, documents) in long-term memory.
  1. Ingestion: memory_engine.py (add) and structured_db.py (research table).
  2. Boundary markers: absent.
  3. Capability: raw SQL execution and semantic memory retrieval.
  4. Sanitization: absent.
  Malicious instructions hidden in ingested data could be executed when the agent recalls that data.
Recommendations
- AI detected serious security threats
Audit Metadata