reasoningbank-with-agentdb

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The script 'resources/trajectory-tracker.sh' executes 'npx agentdb@latest'. This pattern downloads and runs the most recent version of an external package from the public npm registry without version pinning or integrity checks, which allows for immediate code execution on the host system if the package is compromised.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on 'agentic-flow' and 'agentdb', which are not sourced from the recognized 'Trusted External Sources' list.
  • COMMAND_EXECUTION (LOW): Trajectory tracking and analysis logic are implemented via bash scripts that interpolate agent-controlled strings into shell commands and temporary files.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill has an injection surface in 'resources/trajectory-tracker.sh' (Ingestion: CLI arguments for task descriptions and actions; Boundaries: Absent; Capabilities: Subprocess execution via npx; Sanitization: Absent). This could be leveraged to manipulate trajectory logs or cause JSON corruption if an attacker controls the task inputs provided to the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:44 PM