interpret-feedback
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and processing untrusted data from external sources.
  - Ingestion points: Feedback content is retrieved from conversation context, provided file paths, or external URLs (SKILL.md).
  - Boundary markers: The instructions include skepticism guidance instructing the agent not to take feedback at face value, but the skill lacks explicit delimiters or instructions to ignore embedded commands in the feedback material.
  - Capability inventory: The skill has the capability to read files, fetch content from URLs, spawn subagents with custom instructions, and invoke the /peer-review skill.
  - Sanitization: There is no evidence of content validation or sanitization before the feedback items are passed to subagents for interpretation.
- [EXTERNAL_DOWNLOADS]: The skill allows fetching content from user-provided URLs to identify feedback items.
  - Evidence: "If a file path or URL was provided, read or fetch the content" (SKILL.md).
Audit Metadata