
[SEC-2.4] Memory retrieval sanitization boundary #1203

@bug-ops

Description


Part of #1195 — Phase 2

Apply sanitization to memory search results (Qdrant/SQLite) to prevent poisoned memory attacks.

Crates: zeph-memory
Depends on: SEC-1.4

Tasks:

  • SemanticMemory::search() results tagged ExternalUntrusted (memory could have been poisoned by earlier injected content)
  • Apply ContentSanitizer to retrieved memory entries before returning to agent
  • tracing::warn! if injection patterns detected in stored memory (indicates prior poisoning)
  • Unit tests with mock memory entry containing injection payload

Files: crates/zeph-memory/src/orchestrator.rs
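As an added illustration of the boundary described in the tasks above (example code, not zeph-memory's own): every result coming back from SemanticMemory::search() is tagged ExternalUntrusted, passed through a sanitizer, and a warning is raised when the stored content matched an injection pattern, which points to earlier poisoning. The TrustLevel, MemoryEntry, SanitizedEntry and ContentSanitizer types, the pattern list, and the `warn` callback standing in for tracing::warn! are assumptions made for this example.

```rust
// Added example, not zeph-memory's own code; TrustLevel, ContentSanitizer,
// MemoryEntry and the pattern list are assumptions made for illustration.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum TrustLevel { ExternalUntrusted } // stored memory may have been poisoned earlier

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct MemoryEntry { pub id: u64, pub content: String }

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct SanitizedEntry { pub id: u64, pub trust: TrustLevel, pub content: String, pub flagged: bool }

const REDACTED: &str = "[redacted-injection]";
/// Minimal pattern-based sanitizer; patterns are lowercase ASCII.
pub struct ContentSanitizer { patterns: Vec<&'static str> }

impl ContentSanitizer {
    pub fn new() -> Self {
        Self { patterns: vec!["ignore previous instructions", "system:", "<|im_start|>"] }
    }

    /// Replace each occurrence (ASCII case-insensitive) with a marker. Offsets found
    /// in the lowered copy are valid in `out` because to_ascii_lowercase keeps byte lengths.
    pub fn sanitize(&self, text: &str) -> String {
        let mut out = text.to_string();
        for pat in &self.patterns {
            while let Some(start) = out.to_ascii_lowercase().find(pat) {
                out.replace_range(start..start + pat.len(), REDACTED);
            }
        }
        out
    }
}

/// Boundary for SemanticMemory::search() results: tag every entry as untrusted,
/// sanitize it, and warn when stored content looked injected (prior poisoning).
/// `warn` stands in for tracing::warn! so the example needs no dependencies.
pub fn sanitize_search_results(
    sanitizer: &ContentSanitizer,
    results: Vec<MemoryEntry>,
    warn: &mut dyn FnMut(String),
) -> Vec<SanitizedEntry> {
    results.into_iter().map(|e| {
        let content = sanitizer.sanitize(&e.content);
        let flagged = content != e.content;
        if flagged {
            warn(format!("injection pattern in stored memory entry {} (possible prior poisoning)", e.id));
        }
        SanitizedEntry { id: e.id, trust: TrustLevel::ExternalUntrusted, content, flagged }
    }).collect()
}
```

The unit test the issue asks for would feed a constructed entry carrying an injection payload through `sanitize_search_results` and assert on the flag, the redacted content and the emitted warning.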


Labels: memory (zeph-memory crate, SQLite), priority/medium (Medium priority), security (Security-related issue), size/S (Small PR, 11-50 lines)
