AgentDB Memory Patterns
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill documentation and CLI instructions rely heavily on
npx agentdb@latest. This pattern downloads and executes code from the npm registry at runtime without version pinning or integrity verification. Because 'ruvnet' is not a trusted organization per security policy, this is flagged as a high-risk dependency. - REMOTE_CODE_EXECUTION (HIGH): The instruction
claude mcp add agentdb npx agentdb@latest mcpconfigures the agent environment (Claude Code) to execute a remote MCP server. This grants an unverified third-party package persistent access to the agent's context and capabilities. - PROMPT_INJECTION (HIGH): Category 8 (Indirect Prompt Injection): The skill is designed to ingest and store untrusted user data via
insertPatternandstoreMemory(SKILL.md). This data is later used for 'context synthesis' and 'reasoning' (Category 8a/8c). - Ingestion points:
adapter.insertPattern,db.storeMemory, anddb.storeFactin SKILL.md. - Boundary markers: Absent. The examples show direct interpolation of user strings into storage patterns without delimiters.
- Capability inventory: Capability to execute shell commands via
npx, write to local database files, and interact with agent environments via MCP. - Sanitization: Absent. There is no evidence of filtering or escaping logic for the stored user data.
- COMMAND_EXECUTION (MEDIUM): The CLI operations include direct file system manipulation (
init,export,import) and runtime performance benchmarking, which could be exploited if the underlying binary is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata