Skills
skills/phrazzld/claude-config/check-production/Gen Agent Trust Hub

check-production

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes multiple shell commands including gh, vercel, and curl to gather production data. It also attempts to execute locally stored scripts from ~/.claude/skills/triage/scripts/.
  • [DATA_EXFILTRATION]: Reads configuration from .env.local to determine the application's health endpoint. While used for diagnostics, this demonstrates access to environment configuration files which may contain sensitive secrets.
  • [PROMPT_INJECTION]: The skill processes untrusted external data from Sentry errors and Vercel logs which could contain malicious instructions designed to influence the agent's behavior.
  • Ingestion points: Sentry issue reports, Vercel log output, GitHub Action run details.
  • Boundary markers: Absent.
  • Capability inventory: Shell command execution (bash, gh, vercel, curl), file system reads (grep).
  • Sanitization: Absent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 1, 2026, 07:18 AM