AgentDB Learning Plugins

Warn

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to execute npx agentdb@latest, which downloads the package from the npm registry at runtime. The package is not from a recognized trusted vendor and is not pinned to a specific version.
  • [REMOTE_CODE_EXECUTION]: Use of npx with the @latest tag facilitates the execution of remote code from an external source without integrity checks, exposing the agent to potential supply chain attacks.
  • [COMMAND_EXECUTION]: The skill provides several shell commands to manage reinforcement learning plugins, templates, and metadata via the agentdb CLI.
  • [PROMPT_INJECTION]: The skill implements a workflow for storing and retrieving "experience" data to train models, creating a surface for indirect prompt injection.
  • Ingestion points: Arbitrary data is ingested into the local database using the adapter.insertPattern method as shown in the API examples.
  • Boundary markers: The provided code snippets and instructions do not include boundary markers or system prompts to ignore potential instructions embedded within the ingested patterns.
  • Capability inventory: The system retrieves this data and synthesizes it into the agent's context using adapter.retrieveWithReasoning to influence decision-making.
  • Sanitization: No evidence of sanitization, validation, or escaping of the pattern_data field is present in the skill instructions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 14, 2026, 12:17 AM
Security Audit — agent-trust-hub — AgentDB Learning Plugins