peer-feedback
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from external communication channels (DMs, emails, and shared files) and incorporates it into the feedback generation process without sanitization.
- Ingestion points: Interaction history including 1:1 chats, group chats, mentions, emails, and SharePoint/OneDrive files retrieved from workIQ in Phase 1 of SKILL.md.
- Boundary markers: None identified; retrieved data is summarized and used for drafting without the use of delimiters or 'ignore embedded instructions' warnings.
- Capability inventory: The skill uses retrieved data to synthesize a draft feedback document, providing a vector for external content to influence the agent's output.
- Sanitization: No logic is present to validate or filter instructions out of the content retrieved from workIQ.
- [DATA_EXFILTRATION]: The skill requests access to sensitive corporate data, including private messages, email summaries, and corporate documents from SharePoint/OneDrive. While this is the primary purpose of the skill, it involves high-impact data exposure within the agent's context.
Audit Metadata