feedback-framer
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill does not contain any executable scripts, binary files, or external network requests. It functions solely as a guide for the AI agent to process text provided by the user.
- [NO_CODE]: There are no code files (Python, JavaScript, shell scripts) associated with this skill. All logic is defined in Markdown as instructions for the LLM.
- [PROMPT_INJECTION]: Analysis of indirect prompt injection surfaces (Category 8) indicates a low-risk profile. While the skill ingests untrusted user notes and reads competency files, it does not possess exploitable capabilities such as command execution or network exfiltration. Role-name normalization (slugifying) in Step 2 further mitigates directory traversal risks.
Audit Metadata