performance-review
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- Data Ingestion Surface: The skill is designed to interact with external data sources such as HRIS (Human Resources Information Systems) and project trackers when available. This represents a potential surface for indirect prompt injection if the data retrieved from these systems contains unexpected instructions. While the skill currently uses this data for pre-populating templates, it is a point for review regarding how external content is handled.
- Ingestion points: Data is pulled from `~~HRIS` and `~~project tracker` connectors.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified in the current template logic.
- Capability inventory: The skill primarily generates markdown templates and does not execute system commands, network operations, or file-system writes.
- Sanitization: The skill does not explicitly mention sanitization or validation of the retrieved external content before pre-populating the review fields.
Audit Metadata