reflexion-pattern

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill consists of architectural documentation, YAML rubrics, and Python code templates. No malicious command execution, network exfiltration, or persistence mechanisms were detected.
  • [PROMPT_INJECTION]: The design pattern incorporates agent trajectories (which may contain data from untrusted external tools or web content) into the Critic prompt, creating a surface for indirect prompt injection. 1. Ingestion points: The variables 'trajectory' and 'task' in the CRITIC_PROMPT in SKILL.md. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the provided templates. 3. Capability inventory: The templates use the critic_llm.invoke and run_actor tools; no system-level or network capabilities are exposed in the provided code snippets. 4. Sanitization: No sanitization or escaping logic is included in the implementation examples.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 04:56 PM
Security Audit — agent-trust-hub — reflexion-pattern