Guard Memory Writes Against Injection
Agent QA & Security
90-120 minutes0/4 steps0%
Step 1 of 4
Make writes source-aware
Where a memory came from determines what it may become.
First time here? Paste the Context Pack first so the AI understands your project - open it from the header above.
Prompt Capsule
Instrument the memory write path with source awareness. Every write must carry the provenance of the content it derived from: USER-STATED (the user directly told the agent), OBSERVED (the agent verified via its own tool execution - a test passed, a file exists), UNTRUSTED-DERIVED (extracted from web pages, third-party docs, tool results of external origin), or INFERRED (the model's own reasoning). Policy by source: user-stated and observed may write to the normal store; untrusted-derived and low-confidence inferred route to quarantine (next step); nothing writes to a 'high-trust' tier except user-stated or multiply-observed. Refactor the memory tool so the source tag is required, not optional, and reject writes that cannot name their source.
Paste into EmergentFull Build: complete implementation prompt with explicit requirements
Quick is short. Full Build is recommended for most steps. Strict forces real logic when the AI keeps faking output.
Actual change check
Expected after this step
A source-required write path enforcing policy by provenance.
Should NOT happen
- An existing feature broke
- A button only logs to console
- Data disappears after refresh
- Errors fail silently with no visible state
This is what should exist before you continue. If reality does not match, do not move on.
Track what changed, failed, or needs follow-up. Notes export with the flow.
Pass the Verify Gate to complete this step