The Agent Skills Directory

Indirect Prompt Injection (SAFE): The skill is designed to process untrusted data (customer feedback), which is an attack surface for indirect prompt injection. Since this is the primary purpose of the skill and no executable code is provided, the severity is minimal.
Ingestion points: User feedback from in-app widgets, NPS surveys, and support tickets (SKILL.md).
Boundary markers: Absent in the provided templates.
Capability inventory: None (no code files or external tool calls).
Sanitization: Not specified in the framework.
Metadata Analysis (SAFE): The manifest and frontmatter accurately reflect the skill's purpose as a feedback analyzer. No malicious instructions or deceptive metadata were found.

customer-feedback-analyzer