ReasoningBank Intelligence
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from task outcomes and metrics to learn patterns and recommend future strategies, creating a surface for indirect prompt injection if the source data is attacker-controlled.
- Ingestion points: Data enters via
rb.recordExperienceandrb.learnPatterninSKILL.md. - Boundary markers: No specific delimiters or 'ignore' instructions are used when processing the text-based pattern and context data.
- Capability inventory: The skill performs file-system writes for persistence via AgentDB (
./reasoning-bank.db). No evidence of subprocess execution, network requests, or dynamic code evaluation was found. - Sanitization: The provided implementation snippets do not show sanitization or validation of the input data before it is stored or used for pattern matching.
- [Unverifiable Dependencies] (SAFE): The skill relies on
agentic-flowandAgentDB. While these are not on the pre-approved trusted sources list, they are used within their intended scope for AI agent logic and data persistence, and no suspicious remote execution patterns were found.
Audit Metadata