Flows category icon
Agent QA & Security
Advanced

Guard Memory Writes Against Injection

Stop poisoned data from becoming persistent agent beliefs: validate, attribute, and quarantine memory writes as untrusted input.

4 steps12 verify checks90-120 minutesWorks with: emergent · chatgpt · claude · cursor
Start Guided Walkthrough

The Route

0/4 verified

Context Pack

Paste this first. It briefs the AI on requirements, constraints, and the Definition of Done before your first build prompt.

Context Pack
PROJECT CONTEXT:
My agent writes to long-term memory, and anything it reads could plant a false 'fact' that persists across sessions - memory poisoning. Memory-validation research treats every memory write as untrusted input needing validation, provenance, and re-verification.

GOAL:
Harden the memory write path against poisoning: source-aware write policy, content validation, provenance tracking, and scheduled re-validation.

REQUIREMENTS:
- Write policy keyed on the trust of the content's source
- Validation of memory content before persistence (format, plausibility, conflict)
- Provenance stamped on every memory: source, trust level, session, timestamp
- Quarantine for writes derived from untrusted content until corroborated
- Scheduled re-validation that expires or flags stale/contradicted memories

CONSTRAINTS:
- Untrusted-sourced content can never write high-trust memory directly
- A memory's influence must be traceable to its provenance at recall time

DEFINITION OF DONE:
- A 'fact' derived from a fetched web page lands in quarantine, not core memory
- Every stored memory shows source and trust on inspection
- A poisoning attempt via injected content fails to become an acted-on belief
- Re-validation expires an unconfirmed quarantined memory after its TTL

COMMON FAILURES TO AVOID:
- Persisting anything the agent 'learned' without asking where it came from
- Memories with no provenance, so a poisoned fact is indistinguishable from a real one
- Untrusted-sourced claims recalled with full authority
- Never re-checking stored facts, so poison persists indefinitely

Paste this into your AI builder first. It teaches the AI what you want before you give it the build prompt.

Related routes

More Agent QA & Security flows that share ground with this one.

Flows category icon
Agent QA & Security

Dependency and Supply-Chain Scanning for Agents

Guard against the dependencies your agent adds: vulnerability scanning, hallucinated-package detection, and gated installs.

01Intercept dependency additions
02Verify existence and reputation
03Scan for vulnerabilities

+1 more steps to Done

Best forbuilders who have shipped a basic app before

4 steps60-90 minutesIntermediate
Flows category icon
Agent QA & Security

Prompt Injection Defense Checklist

Systematically defend your agent against prompt injection: trust boundaries, content isolation, and defense-in-depth that assumes injection will happen.

01Map trust boundaries
02Isolate and label untrusted content
03Separate authority from content

+1 more steps to Done

Best forproduction-grade builds with strict verification

4 steps90-150 minutesAdvanced
Flows category icon
Agent QA & Security

Secrets Hygiene in Agent Logs

Keep credentials out of prompts, tool outputs, logs, and traces: detection, redaction, and safe handling across the whole agent pipeline.

01Build the secret detector
02Redact at every capture point
03Inject real secrets safely

+1 more steps to Done

Best forbuilders who have shipped a basic app before

4 steps60-90 minutesIntermediate

Made with Emergent