feedback-session
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill does not contain any patterns associated with data exfiltration, obfuscation, or unauthorized remote code execution.
- [COMMAND_EXECUTION]: The skill uses
gh(GitHub CLI) andgitcommands for managing issues and labels. These operations are restricted to project management tasks and do not involve high-risk system modifications. - [PROMPT_INJECTION]: The skill processes untrusted conversation history, creating an indirect prompt injection surface. This is mitigated by a mandatory human-in-the-loop review process:
- Ingestion points: Conversation history is reviewed in Step 2 to identify feedback signals.
- Boundary markers: No explicit delimiters are used to wrap the ingested session content.
- Capability inventory: The skill can create GitHub issues (
gh issue create), create labels (gh label create), and search issues (gh search). - Sanitization: Step 4 uses
AskUserQuestionwith a multi-selection interface, ensuring that no issues are created without explicit user verification and approval of the analyzed findings.
Audit Metadata