AgentDB Memory Patterns
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS / REMOTE_CODE_EXECUTION (MEDIUM): The skill frequently uses npx agentdb@latest for initialization and management. This command downloads and executes the latest version of the agentdb package from the public npm registry. Since the author and package are not on the trusted sources list, this pattern allows for unverified remote code execution in the user's environment.
- COMMAND_EXECUTION / PERSISTENCE (MEDIUM): The skill provides instructions to modify the agent's persistent configuration via claude mcp add agentdb npx agentdb@latest mcp. This establishes a long-term persistence mechanism where the agent will automatically execute the external agentdb package in future sessions.
- DYNAMIC_EXECUTION (MEDIUM): The create-plugin command generates and executes code based on templates (e.g., decision-transformer). This runtime generation of executable logic increases the attack surface if the templates or the generator itself are compromised.
- INDIRECT_PROMPT_INJECTION (LOW): This memory management skill is a primary surface for indirect prompt injection. Data stored in the memory patterns could contain malicious instructions designed to be executed when the agent retrieves and synthesizes context.
- Ingestion points: the insertPattern, storeMemory, and storeFact APIs in SKILL.md.
- Boundary markers: No explicit sanitization or delimiters (such as XML tags or triple quotes) are demonstrated for stored memory content.
- Capability inventory: The skill possesses file-system read/write capabilities (via database files), CLI command execution, and MCP server hosting.
- Sanitization: No evidence of input validation or escaping for the pattern_data or content fields.
Audit Metadata