feature-ideation
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): Potential for Indirect Prompt Injection. The skill is designed to ingest and process untrusted text from external sources such as Slack discussions and customer signals. While the skill has no dangerous capabilities (no network access, no file system writes, no shell execution), an attacker could embed instructions in the provided data to attempt to manipulate the agent's output.\n
- Ingestion points: Variables slack_discussions, customer_signals, and feature_ideas in SKILL.md are populated from user-provided content.\n
- Boundary markers: Absent. The user input is interpolated directly into a markdown template without delimiters or safety instructions.\n
- Capability inventory: None. The skill only performs text synthesis within the LLM context.\n
- Sanitization: None. The skill does not perform any validation or escaping of the input data.
Audit Metadata