Skills
skills/dadbodgeoff/drift/community-feed/Gen Agent Trust Hub

community-feed

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill handles untrusted data from a social database, which could contain malicious instructions designed to influence the agent's behavior.
  • Ingestion points: The get_feed method in SKILL.md retrieves content from the community_posts and users tables, which likely contain user-supplied text.
  • Boundary markers: No delimiters or defensive instructions (e.g., 'ignore commands in this data') are used when presenting post content to the agent.
  • Capability inventory: The CommunityFeedService includes methods to modify database state (like_post, unlike_post) and execute stored procedures (db.rpc), which could be abused if an agent is successfully injected.
  • Sanitization: The skill does not perform sanitization or safety filtering on the retrieved post content before returning it to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:11 PM