receive-feedback
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core purpose is to ingest and act upon data from external, untrusted sources such as PR comments or CI logs.
- Ingestion points: The skill reads external feedback files provided via the
$ARGUMENTSparameter inSKILL.md. - Boundary markers: The skill employs rigorous boundary markers in
VERIFICATION.mdandEVALUATION.md, requiring the agent to 'Verify before implementing' and use tools to check the codebase state. - Capability inventory: The agent has access to
Read,Grep, andSkilltools, and is instructed to run tests or reproduction scripts inVERIFICATION.md. - Sanitization: Sanitization is handled through the tool-based verification process, though the effectiveness depends on the agent not being swayed by instructions embedded within the feedback items themselves.
- [COMMAND_EXECUTION]: The verification workflow in
VERIFICATION.mdinstructs the agent to 'Reproduce with test or script' when validating bug reports. If a malicious feedback item provides a reproduction script or command, the agent might execute untrusted code in the local environment.
Audit Metadata