interpret-feedback
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes third-party feedback from external URLs or files, creating an indirect prompt injection surface. The ingestion of untrusted data combined with the capability to spawn subagents creates a pathway for content-driven manipulation.\n
- Ingestion points: Step 1 involves reading file paths or fetching content from URLs provided in the conversation context (SKILL.md).\n
- Boundary markers: The instructions do not define boundary markers (such as XML tags or specific delimiters) to isolate the untrusted feedback content from the agent's logic.\n
- Capability inventory: The skill can read local files, fetch remote content via URLs, and spawn subagents with tool-use capabilities using the opus model (SKILL.md).\n
- Sanitization: No sanitization or validation of the ingested content is performed before it is processed by the interpretation subagents.\n- [EXTERNAL_DOWNLOADS]: Step 1 permits the agent to fetch content from user-supplied URLs to identify feedback items. While this is necessary for the skill's function, it involves interaction with potentially untrusted external domains.
Audit Metadata