ReasoningBank Intelligence
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection through its core 'learning' mechanism.
- Ingestion points: Untrusted data enters the system through
rb.recordExperienceandrb.learnPattern(e.g., task outcomes, approaches, and contexts). - Boundary markers: There are no markers or delimiters shown in the documentation to distinguish between trusted logic and untrusted experience data.
- Capability inventory: The skill influences the agent's future actions via
rb.recommendStrategy, which can lead to the agent choosing malicious 'optimal' paths if the training data is poisoned. - Sanitization: No evidence of sanitization or validation for the 'experience' inputs, allowing malicious instructions embedded in metadata or task outcomes to be treated as valid training data.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires external Node.js dependencies
agentic-flowandAgentDBfrom an untrusted GitHub user (ruvnet). These packages are not part of the defined trusted source list and have not been independently verified for security.
Recommendations
- AI detected serious security threats
Audit Metadata