Input sanitization is currently delegated to the LLM/Framework.

• No prompt injection guardrails currently active
• Input validation relies on underlying LLM safety mechanisms
• Memory persistence depends on configured backend (currently using InMemoryStore in some cases)

• Basic authentication mechanisms not implemented
• API endpoints may be accessible without proper authorization

• Sensitive data may be stored in plain text depending on configuration
• Encryption of stored memories not implemented by default