developer-feedback-collector
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill architecture is susceptible to Indirect Prompt Injection.
  * Ingestion points: Peer and manager feedback responses (described in the 'Collect Feedback' section).
  * Boundary markers: Absent. The prompt framework and synthesis process lack delimiters (such as XML tags or triple quotes) to isolate untrusted user input from agent instructions.
  * Capability inventory: Uses Python scripts ('scripts/synthesize-feedback.py') to process and aggregate this data, potentially allowing embedded instructions to influence the synthesis logic.
  * Sanitization: None mentioned. There is no evidence of filtering or escaping feedback content before it is processed by the AI.
- DATA_EXFILTRATION (MEDIUM): The skill handles sensitive Performance Review information and PII. While no active exfiltration code is visible, the lack of input sanitization increases the risk that an injected prompt could cause the agent to leak sensitive history or system prompts to unauthorized users.
Recommendations
- AI detected serious security threats
Audit Metadata