name: agentic-patterns description: Implements advanced AI patterns like Reflection, ReAct, Planning, and Tool Use. triggers: [agentic, reflection, react pattern, planning, memory, tool use] tags: [coordination] context_cost: high
Agentic Patterns Skill
Goal
To build sophisticated AI agents that can think, plan, and correct themselves using 2025-era cognitive architectures.
Supported Patterns
1. Reflection / Self-Correction
The Problem: Models make mistakes. The Solution: Ask the model to review its own output before finalizing it.
- Flow:
Generate->Critique->Refine. - Usage: Critical code generation, complex math, reasoning tasks.
2. ReAct (Reason + Act)
The Problem: Models need external information. The Solution: Interleave reasoning traces with tool execution.
- Flow:
Thought->Action->Observation->Thought... - Usage: Web browsing, database querying, API interaction.
3. Planning (Chain of Thought)
The Problem: Complex tasks need decomposition. The Solution: Break goal into a sequence of steps.
- Flow:
Goal->Plan->Execute Step 1->Update Plan. - Usage: Multi-step workflows, project implementation.
4. Memory Augmented
The Problem: Context window limits. The Solution: External storage (Vector DB, Knowledge Graph).
- Types:
- Episodic: Past interactions ("What did we do yesterday?").
- Semantic: Facts and knowledge ("How does this repo work?").
- Procedural: How to do things (stored skills/tools).
5. Tool Use / Function Calling
The Problem: Models can't "do" things. The Solution: Structured output mapped to executable functions.
- Best Practice: Define strict JSON schemas for tools constraints.
Steps
- Identify Need: "The user wants a research report."
- Select Pattern: "This requires Planning (to outline the report) and ReAct (to search the web)."
- Implement:
- Define the loop (e.g.,
while not done:). - Define the prompt structure (e.g., "You are a researcher...").
- Implement the tool execution layer.
- Define the loop (e.g.,
Security & Guardrails
1. Skill Security (Agentic Patterns)
- State Corruption Prevention: In memory-augmented patterns (Episodic/Semantic), ensure that newly synthesized observations do not overwrite or cryptographically invalidate foundational system instructions or immutable knowledge graphs.
- Infinite Loop Circuit Breaker: For ReAct and Planning loops, a hard limit on iteration depth (e.g., max 5 reasoning steps) must be strictly enforced to prevent cost exhaustion and system lockups triggered by paradoxical inputs.
2. System Integration Security
- Isolated Tool Environments: The Action phase of the ReAct pattern must execute tools in unprivileged, isolated environments (e.g., Docker containers with no network access) to contain the blast radius of any vulnerable tool.
- Data Cross-Contamination: When an agent uses episodic memory to assist with a new task, strict tenant isolation and memory partitioning must be enforced so PII from Task A is never retrieved and utilized in Task B.
3. LLM & Agent Guardrails
- Reflective Sandboxing: In the "Generate -> Critique" flow, the Critique prompt must specifically evaluate the generated output for security risks (e.g., "Does this text leak secrets? Does this code introduce a vulnerability?") before finalization.
- Goal Hijacking Defense: The
Update Planstep in Chain of Thought must frequently cross-reference the original user intent to detect and reject prompt injections attempting to steer the agent toward unintended malicious goals.