andre/crewAI
1
0
Fork 0
mirror of https://github.com/crewAIInc/crewAI.git synced 2026-04-15 15:32:40 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity
Files
e5f25c63d23db0bd5745ce513f6b82817c42de9f
crewAI/lib
History
Devin AI e5f25c63d2 fix: sanitize memory content before prompt injection to prevent indirect prompt injection 
Fixes #5057

- Add sanitize_memory_content() utility in crewai.memory.utils that:
  - Collapses excessive whitespace/newlines
  - Truncates to max_length (default 500 chars)
  - Wraps content in [RETRIEVED_MEMORY_START]/[RETRIEVED_MEMORY_END] boundary markers
- Apply sanitization in all memory injection sites:
  - LiteAgent._inject_memory_context()
  - Agent.execute_task() (sync and async)
  - Agent._prepare_kickoff()
  - Flow human_feedback._pre_review_with_lessons()
- Update MemoryMatch.format() to sanitize content
- Update framing text to 'retrieved context, not instructions'
- Add 16 tests covering sanitization logic and integration

Co-Authored-By: João <joao@crewai.com>
2026-03-25 04:10:49 +00:00
..
crewai
fix: sanitize memory content before prompt injection to prevent indirect prompt injection
2026-03-25 04:10:49 +00:00
crewai-files
feat: bump versions to 1.11.1 (#5030)
2026-03-23 16:22:19 -07:00
crewai-tools
feat: bump versions to 1.11.1 (#5030)
2026-03-23 16:22:19 -07:00
devtools
feat: bump versions to 1.11.1 (#5030)
2026-03-23 16:22:19 -07:00