pm-feedback

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from multiple external channels including social media, support tickets, and community forums. This creates a surface for indirect prompt injection where malicious instructions embedded in user feedback could attempt to influence the agent's behavior.
      • Ingestion points: Data ingestion from surveys, interviews, support tickets, reviews, and social media (SKILL.md).
      • Boundary markers: None detected; instructions do not specify delimiters or warnings to ignore embedded content.
      • Capability inventory: Access to bash, git, and file operations (File ops) (SKILL.md).
      • Sanitization: No explicit sanitization or validation logic is described for the incoming feedback data.
  • [COMMAND_EXECUTION]: The skill documentation explicitly references the use of powerful system tools including bash and git. While standard for developer agents, these tools provide the capability to execute arbitrary commands and modify the project environment.
  • [DATA_EXFILTRATION]: The processing pipeline includes automated data ingestion from multiple external sources via API integration. While no specific malicious destinations are hardcoded, the capability to communicate with external endpoints is inherent to the skill's primary function.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — pm-feedback