mem0-fastapi-integration
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Untrusted user input enters the agent context through the `ChatRequest.message` field in `examples/chat_with_memory.py`.
  - Boundary markers: Absent; user messages and retrieved memories are concatenated directly into context strings without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The service has the capability to write untrusted content to a persistent database (`add_conversation`) and retrieve it to influence future AI responses and decision logic.
  - Sanitization: No sanitization, filtering, or validation is performed on incoming data or retrieved memories before they are used in prompts.
- [CREDENTIALS_UNSAFE] (HIGH): The file `templates/memory_middleware.py` includes a `get_user_optional` dependency that defaults to a hardcoded `development_user` identity if credentials are not provided, effectively creating an authentication bypass mechanism if the template is used in production.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The `scripts/setup-mem0.sh` script installs several Python packages (`mem0ai`, `openai`, `qdrant-client`) without version pinning or integrity checks, posing a supply chain risk.
- [COMMAND_EXECUTION] (LOW): The `scripts/test-memory.sh` script executes network operations via `curl` against local API endpoints and performs multiple automated shell commands for testing purposes.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata