receive-feedback

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core purpose is to ingest and act upon data from external, untrusted sources such as PR comments or CI logs.
  • Ingestion points: The skill reads external feedback files provided via the $ARGUMENTS parameter in SKILL.md.
  • Boundary markers: The skill employs rigorous boundary markers in VERIFICATION.md and EVALUATION.md, requiring the agent to 'Verify before implementing' and use tools to check the codebase state.
  • Capability inventory: The agent has access to Read, Grep, and Skill tools, and is instructed to run tests or reproduction scripts in VERIFICATION.md.
  • Sanitization: Sanitization is handled through the tool-based verification process, though the effectiveness depends on the agent not being swayed by instructions embedded within the feedback items themselves.
  • [COMMAND_EXECUTION]: The verification workflow in VERIFICATION.md instructs the agent to 'Reproduce with test or script' when validating bug reports. If a malicious feedback item provides a reproduction script or command, the agent might execute untrusted code in the local environment.
Audit Metadata
Risk Level
SAFE
Analyzed
May 26, 2026, 05:53 AM
Security Audit — agent-trust-hub — receive-feedback