mem0-vercel-ai-sdk

Fail

Audited by Snyk on Apr 27, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt contains literal API-key patterns (e.g., "sk-xxx", "m0-xxx") and example code that passes mem0ApiKey inline in config or shell exports, which encourages embedding secrets verbatim into generated code/commands and thus risks secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly calls the Mem0 platform search API (e.g., POST /v2/memories/search/ and /v3/memories/search/ as shown in SKILL.md and references/memory-utilities.md), retrieves user/third-party memories and formats/injects them as a system message before underlying LLM calls, so untrusted or user-generated content from Mem0 can directly influence the model's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). At runtime this skill calls the Mem0 API (default host https://api.mem0.ai, e.g. POST /v2/memories/search/) to fetch memories which are then formatted and injected as a system message that directly controls model prompts, and the skill requires the Mem0 API (MEM0_API_KEY), so the external URL directly controls agent prompts.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 27, 2026, 05:58 AM
Issues: 3