bdi-mental-states
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a Logic Augmented Generation (LAG) system that processes untrusted external data to generate mental states.
- Ingestion points: External natural language context and RDF triples are ingested via the `generate_mental_states` method in `references/framework-integration.md` and `augment_llm_with_bdi_ontology` in `SKILL.md`.
- Boundary markers: The skill uses simple text headers (e.g., '## Context to Model:') to separate context from instructions. It lacks cryptographically random delimiters or XML-style tagging that would more effectively isolate untrusted data from the system prompt.
- Capability inventory: The skill is designed for knowledge transformation and reasoning. It relies on standard RDF parsing libraries and does not include high-risk capabilities such as arbitrary shell command execution, file system modification, or non-whitelisted network requests.
- Sanitization: While the skill performs comprehensive structural validation of the LLM output against the BDI ontology constraints, it does not include pre-processing steps to sanitize or filter the input context for malicious prompt injection patterns.
Audit Metadata