AgentDB Learning Plugins
Warn
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to execute
npx agentdb@latest, which downloads the package from the npm registry at runtime. The package is not from a recognized trusted vendor and is not pinned to a specific version. - [REMOTE_CODE_EXECUTION]: Use of
npxwith the@latesttag facilitates the execution of remote code from an external source without integrity checks, exposing the agent to potential supply chain attacks. - [COMMAND_EXECUTION]: The skill provides several shell commands to manage reinforcement learning plugins, templates, and metadata via the
agentdbCLI. - [PROMPT_INJECTION]: The skill implements a workflow for storing and retrieving "experience" data to train models, creating a surface for indirect prompt injection.
- Ingestion points: Arbitrary data is ingested into the local database using the
adapter.insertPatternmethod as shown in the API examples. - Boundary markers: The provided code snippets and instructions do not include boundary markers or system prompts to ignore potential instructions embedded within the ingested patterns.
- Capability inventory: The system retrieves this data and synthesizes it into the agent's context using
adapter.retrieveWithReasoningto influence decision-making. - Sanitization: No evidence of sanitization, validation, or escaping of the
pattern_datafield is present in the skill instructions.
Audit Metadata