A spy can see whether a transaction exists in a target node's mempool before the node INV-announces it (overcoming the trickle protection).

0. Fill all the inbound slots of the target (up to 117 by default), and make sure your connections are not protected from eviction (e.g., delay block delivery to the target, etc).
1. Relay txA to the peer from connection CSpy.
2. Issue more connections to the target (say, 100 more).
3. If CSpy was not evicted while others were, it's likely CSpy was protected because it provided a new transaction txA.

It's quite hard to pull off due to a lot of noise.

A potential solution is a rolling window of recent transactions (say 1000) instead of the very recent ones.