memory-design-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill explicitly stores and later retrieves arbitrary user-generated content for LLM use — e.g., examples/customer-support-memory-architecture (SupportTicketHandler.handle_ticket and CustomerSupportMemory.add_session_context) saves customer_message to session/user memory and merges it into a context_summary that the agent reads, so untrusted user content is ingested and interpreted at runtime.