Detection Library
low · experimental · Linux · OCI · T1566

Linux Agent Writing Retrieved Web Content Into Memory Stores

Detects AI agent processes writing fetched web content directly into memory or context store directories, which may indicate that content carrying indirect prompt injection instructions is being persisted in agent memory.

Updated Jan 10, 2025 · OCI AI Security Team

agentic-ai · memory-poisoning · web-content · indirect-injection · linux · oci · owasp-asi06

Problem Statement

When an agent fetches web content and stores it in its memory layer, any prompt injection embedded in that content becomes part of the agent's persistent context. This can cause the agent to carry out attacker instructions in subsequent sessions long after the initial injection.

Sample Logs

{"timestamp":"2025-01-10T16:00:00Z","computer_name":"oci-worker-28","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/opt/agent/memory/fetched_page_20250110.html","event_type":"CreateFile"}

Required Fields

image
target_filename
user
computer_name

False Positives

  • Web research agents that cache fetched pages in memory directories as part of their normal research workflow

Tuning Guidance

This is a low-severity signal intended to be combined with behavioral correlation. Elevate priority when the source URL for the fetched content is a newly observed or suspicious domain.
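The following is an added example, not part of the detection library entry above, showing how the rule described on this page could be evaluated over file-creation events of the shape shown under Sample Logs. The memory store roots, agent process images, service account, research-cache allowlist, the `source_url` field and the baseline of known domains are all assumptions for illustration; the first sample line is the page's own, the rest are constructed.

```python
import json
from urllib.parse import urlparse

# Assumed memory / context store roots for this deployment; adjust to the real layout.
MEMORY_STORE_PREFIXES = ("/opt/agent/memory/", "/opt/agent/context/")
# Assumed process images and service accounts that run the agent.
AGENT_IMAGES = {"/usr/bin/python3", "/usr/local/bin/agent-runner"}
AGENT_USERS = {"agent_svc"}
# Assumed allowlist for a research agent that legitimately caches pages (False Positives section).
RESEARCH_CACHE_PREFIXES = ("/opt/agent/memory/research_cache/",)
# Assumed baseline of previously observed source domains, used for the Tuning Guidance step.
KNOWN_SOURCE_DOMAINS = {"docs.python.org", "en.wikipedia.org"}
REQUIRED_FIELDS = ("image", "target_filename", "user", "computer_name")
WRITE_EVENTS = {"CreateFile", "WriteFile"}


def evaluate(event, known_domains=KNOWN_SOURCE_DOMAINS):
    """Return an alert dict for a file event that matches the detection, or None."""
    if any(field not in event for field in REQUIRED_FIELDS):
        return None  # cannot evaluate without the Required Fields
    if event.get("event_type", "CreateFile") not in WRITE_EVENTS:
        return None  # only writes into the store are of interest
    path = event["target_filename"]
    if not path.startswith(MEMORY_STORE_PREFIXES):
        return None  # not a memory / context store write
    if event["image"] not in AGENT_IMAGES and event["user"] not in AGENT_USERS:
        return None  # not the agent process
    if path.startswith(RESEARCH_CACHE_PREFIXES):
        return None  # known research-cache workflow, suppressed as a false positive

    severity = "low"
    reason = "agent wrote fetched content into a memory store"
    # Optional, assumed field carried over from a correlated fetch event.
    source_url = event.get("source_url")
    if source_url:
        domain = urlparse(source_url).hostname or ""
        if domain not in known_domains:
            severity = "medium"  # elevate for a newly observed source domain
            reason += f"; source domain {domain!r} not previously observed"
    return {
        "severity": severity,
        "computer_name": event["computer_name"],
        "user": event["user"],
        "image": event["image"],
        "target_filename": path,
        "reason": reason,
    }


# Constructed sample events: the page's own line plus three variants.
SAMPLE_LOGS = [
    '{"timestamp":"2025-01-10T16:00:00Z","computer_name":"oci-worker-28","user":"agent_svc",'
    '"image":"/usr/bin/python3","target_filename":"/opt/agent/memory/fetched_page_20250110.html",'
    '"event_type":"CreateFile"}',
    # write into a context store with a source URL whose domain is not in the baseline
    '{"timestamp":"2025-01-10T16:02:11Z","computer_name":"oci-worker-28","user":"agent_svc",'
    '"image":"/usr/bin/python3","target_filename":"/opt/agent/context/notes.md",'
    '"event_type":"CreateFile","source_url":"http://example.invalid/page"}',
    # write into the allowlisted research cache (expected workflow, no alert)
    '{"timestamp":"2025-01-10T16:03:05Z","computer_name":"oci-worker-28","user":"agent_svc",'
    '"image":"/usr/bin/python3","target_filename":"/opt/agent/memory/research_cache/page.html",'
    '"event_type":"CreateFile"}',
    # write outside any memory store (no alert)
    '{"timestamp":"2025-01-10T16:04:40Z","computer_name":"oci-worker-28","user":"agent_svc",'
    '"image":"/usr/bin/python3","target_filename":"/tmp/download.html","event_type":"CreateFile"}',
]


def scan(lines):
    """Evaluate each JSON log line and collect the alerts it produces."""
    alerts = []
    for line in lines:
        alert = evaluate(json.loads(line))
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS):
        print(json.dumps(alert))
```

Run against the constructed lines, the first event produces a low-severity alert, the second is elevated because its source domain is not in the baseline, and the research-cache and `/tmp` writes produce nothing. In production the baseline of known domains would come from a stored lookup rather than a constant, and the allowlist should be as narrow as the research workflow actually needs.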