skill-feedback
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands, specifically `mv`, to archive completed feedback reports within the agent's local directory structure.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted conversational data from the session and extracts verbatim quotes to generate improvement reports and potentially drive code changes.
  - Ingestion points: Conversation logs and session history containing user input and tool outputs.
  - Boundary markers: The generated reports utilize Markdown headers and YAML frontmatter as structural delimiters.
  - Capability inventory: The skill has the ability to read and write files within the `~/.claude/skills/` directory and execute basic shell commands.
  - Sanitization: There is no explicit process mentioned for sanitizing or escaping the session data before it is included in reports or used for implementation tasks.
Audit Metadata