developer-performance-diagnostic

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to ingest untrusted external data that can influence its reasoning and output.
      • Ingestion points: Peer feedback, 1:1 notes, stakeholder satisfaction, and code review comments (referenced in 'Data Collection').
      • Boundary markers: None. There are no instructions to delimit or ignore embedded commands within the ingested text.
      • Capability inventory: The skill produces a 'Diagnostic Output' JSON that recommends 'targeted interventions' and identifies 'root causes'. This output likely influences high-stakes downstream decisions like performance reviews or PIPs.
      • Sanitization: None. The framework lacks any mechanism to sanitize or validate the content of qualitative signals before processing.
  • Data Exposure (HIGH): The skill explicitly targets sensitive PII and confidential HR data.
      • Evidence: The purpose includes analyzing '1:1 notes', 'peer feedback', and 'individual concerns'. Accessing this data without explicit security controls poses a significant privacy and exposure risk.
  • Dynamic Execution (MEDIUM): The skill references a script scripts/analyze-patterns.py for automated anomaly detection.
      • Evidence: While the script content is not provided, referencing local executables for data analysis is a risk factor if the script performs unsafe operations or incorporates the aforementioned untrusted data into execution logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:17 AM