veld-feedback

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and acts upon untrusted data provided by humans through feedback threads.
  • Ingestion points: The skill uses the veld feedback listen command to receive JSON events containing human-authored text in fields like thread.messages[0].body and message.body (as documented in SKILL.md).
  • Boundary markers: There are no explicit instructions or delimiters provided to the agent to treat the human feedback as data rather than instructions, nor is there a directive to ignore embedded instructions within the feedback text.
  • Capability inventory: The agent is granted the capability to perform code changes and execute various veld CLI subcommands (answer, ask, threads) based on the content of these external messages.
  • Sanitization: The instructions do not specify any validation, filtering, or sanitization of the feedback content before it is processed by the agent to determine its next actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 06:52 PM