File: agents/extensions/memory/advanced_sqlite_session.py (line 349)
Building SQL queries with f-strings or % formatting lets user-controlled input alter the query structure. Use parameterized queries instead, so the value is bound by the driver rather than spliced into the SQL text; the sqlite3 module uses ? as its placeholder (%s is the paramstyle of other drivers and is a syntax error in sqlite3): cursor.execute("SELECT ... WHERE id = ?", (user_id,))
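The following is an added example, not code from the flagged file or the project, showing the f-string version beside the parameterized one against the standard-library sqlite3 module. The table name, columns and rows are constructed for the demonstration; a value containing a quote is enough to show that the spliced version hands the input to the SQL parser while the bound version treats it as data.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed in-memory schema and rows standing in for a session store
    # (assumption: not the project's real tables).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sessions (session_id TEXT PRIMARY KEY, owner TEXT)")
    conn.executemany(
        "INSERT INTO sessions (session_id, owner) VALUES (?, ?)",
        [("sess-1", "alice"), ("sess-2", "o'brien")],
    )
    return conn


def owner_unsafe(conn: sqlite3.Connection, session_owner: str) -> list:
    # Before: the value is spliced into the SQL text. A quote inside the value
    # closes the string literal early and the rest is parsed as SQL, so the
    # input has changed the structure of the statement.
    sql = f"SELECT session_id FROM sessions WHERE owner = '{session_owner}'"
    return conn.execute(sql).fetchall()


def owner_safe(conn: sqlite3.Connection, session_owner: str) -> list:
    # After: the statement text is fixed and the value is bound to a '?'
    # placeholder (sqlite3 qmark style). The engine receives it as data and
    # never parses it, whatever characters it contains.
    sql = "SELECT session_id FROM sessions WHERE owner = ?"
    return conn.execute(sql, (session_owner,)).fetchall()


def unsafe_query_breaks(session_owner: str) -> bool:
    # True when the f-string version fails to parse for this input: the
    # observable symptom that the input became part of the SQL grammar.
    conn = make_db()
    try:
        owner_unsafe(conn, session_owner)
        return False
    except sqlite3.OperationalError:
        return True
    finally:
        conn.close()


def safe_lookup(session_owner: str) -> list:
    # The parameterized lookup, run against a fresh constructed database.
    conn = make_db()
    try:
        return owner_safe(conn, session_owner)
    finally:
        conn.close()


if __name__ == "__main__":
    print(unsafe_query_breaks("alice"))    # False: a plain value happens to parse
    print(unsafe_query_breaks("o'brien"))  # True: the quote is read as SQL
    print(safe_lookup("o'brien"))          # [('sess-2',)]: matched as a literal value
```

A parsing error is only the most visible outcome; an input crafted to stay syntactically valid would silently change which rows the query returns, which is why the fix is binding the value rather than escaping it. sqlite3 also accepts named placeholders (:name with a dict), which read better for statements with several parameters.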