skill-feedback-collection
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (`gh`) to perform repository metadata lookups, search for existing issues, and create new issues for feedback submission. These actions are restricted to the skill's primary function of developer tooling.
- [DATA_EXFILTRATION]: While the skill facilitates the transmission of session-derived feedback to external GitHub repositories, it incorporates a mandatory 'Privacy Check' phase. This requires the agent to remove all sensitive project-specific data (such as internal APIs, secrets, and business logic) and mandates that the user review and approve the sanitized content before it is submitted.
- [PROMPT_INJECTION]: The skill identifies a potential indirect injection surface by reading session transcripts. It mitigates this risk through prescribed boundary checks and the requirement for manual human intervention/review of the output before execution of remote network commands.
Audit Metadata