log-production-issues

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to the ingestion and processing of untrusted external data.
    - Ingestion points: Data enters the agent context from Vercel logs and Sentry error reports through the /check-production skill (File: SKILL.md).
    - Boundary markers: Absent; the skill lacks delimiters or explicit instructions to ignore embedded commands within the findings.
    - Capability inventory: The skill is capable of executing shell commands via the GitHub CLI (gh issue list, gh issue create) and searching existing issues.
    - Sanitization: Absent; external finding data is interpolated directly into bash heredocs and command arguments without validation or escaping.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:26 PM