cmd-productionize

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it requires the agent to exhaustively analyze external codebase files (e.g., README.md, package.json, source code) during the 'Codebase Analysis Phase'.
  • Ingestion points: Files like README.md, package.json, pubspec.yaml, and source code are read to understand the project structure and requirements.
  • Boundary markers: There are no instructions or delimiters defined to separate user-provided data from agent instructions, nor warnings to ignore embedded commands.
  • Capability inventory: The agent is empowered to write to the filesystem (via TodoWrite updates and implementation changes) and generate executable deployment scripts.
  • Sanitization: There is no mention of sanitizing or validating the contents of the analyzed files before they are integrated into the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 10:25 PM