Scan your AI agent codebase for OWASP ASI06 memory poisoning vulnerabilities in CI/CD.
This GitHub Action automatically detects unprotected memory operations in AI agent codebases that could be exploited for memory poisoning attacks — the #6 threat in the OWASP Top 10 for Agentic Applications.
| Category | Severity | Description |
|---|---|---|
| Raw User Input to Memory | Critical | User input stored directly in agent memory without sanitization |
| Shared Memory Without Isolation | Critical | Multiple agents sharing memory without tenant isolation |
| Unvalidated Memory Store | High | Memory stored without integrity validation |
| Unprotected Memory Retrieval | Medium | Memory retrieved without integrity verification |
| Missing Memory Audit Trail | Low | Memory operations lacking audit logging |
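As an added illustration (not code from memory-guard-action or the Agent Memory Guard project), the following Python wrapper shows what a memory layer looks like once the five finding categories above are addressed: input is sanitized before it is stored, tenants are isolated, every entry gets an integrity tag on store, the tag is verified on retrieval, and every operation is audited. The HMAC key, the sanitization rule and the sample entries are constructed for the demo.

```python
import hashlib
import hmac
import json
import re
import time
from typing import Dict, List, Tuple

# Constructed sanitization rule for the demo: drop ASCII control characters and cap length.
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")

def sanitize(text: str, max_len: int = 2000) -> str:
    """Normalize user-supplied text before it is allowed into agent memory."""
    return CONTROL_CHARS.sub("", text)[:max_len]

class GuardedMemory:
    """Per-tenant memory with HMAC integrity tags and an audit trail."""

    def __init__(self, key: bytes):
        self._key = key
        # tenant -> list of (entry, mac); tenants never see each other's lists
        self._store: Dict[str, List[Tuple[str, str]]] = {}
        self.audit: List[dict] = []

    def _mac(self, tenant: str, entry: str) -> str:
        # Bind the tag to the tenant so an entry cannot be replayed into another tenant's memory.
        msg = json.dumps([tenant, entry]).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def add(self, tenant: str, raw_text: str, source: str) -> str:
        entry = sanitize(raw_text)                      # never store raw user input
        mac = self._mac(tenant, entry)                  # integrity tag at store time
        self._store.setdefault(tenant, []).append((entry, mac))
        self.audit.append({"op": "add", "tenant": tenant, "source": source, "ts": time.time()})
        return mac

    def search(self, tenant: str, needle: str) -> List[str]:
        """Return matching entries whose tag still verifies; tampered entries are dropped and logged."""
        hits = []
        for entry, mac in self._store.get(tenant, []):
            if not hmac.compare_digest(mac, self._mac(tenant, entry)):
                self.audit.append({"op": "tamper", "tenant": tenant, "ts": time.time()})
                continue
            if needle.lower() in entry.lower():
                hits.append(entry)
        self.audit.append({"op": "search", "tenant": tenant, "hits": len(hits), "ts": time.time()})
        return hits
```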
```yaml
name: Memory Security Scan
on: [push, pull_request]
jobs:
  memory-guard:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: OWASP/memory-guard-action@v1
        with:
          scan-path: './src'
          severity-threshold: 'medium'
          fail-on-findings: 'true'
```

| Input | Description | Default |
|---|---|---|
| scan-path | Path to scan for vulnerabilities | `.` |
| severity-threshold | Minimum severity to report | `medium` |
| fail-on-findings | Fail the workflow if vulnerabilities are found | `true` |
| config-file | Path to configuration file | (empty) |
| python-version | Python version to use | `3.11` |
| Output | Description |
|---|---|
| findings-count | Number of vulnerabilities found |
| report-path | Path to the detailed JSON report |
| risk-score | Overall risk score (0-100) |
Detects vulnerable patterns in:
- LangChain — ConversationBufferMemory, VectorStoreRetrieverMemory
- LlamaIndex — Memory modules and retriever patterns
- AutoGen — Shared memory and group chat memory
- CrewAI — Crew memory and shared context
- Mem0 — Memory add/search operations
- Semantic Kernel — Memory store operations
```shell
pip install agent-memory-guard
```

Apache 2.0 — Part of the OWASP Agent Memory Guard project.