cekura-fixing-prod-issues

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill implements a dynamic command execution pattern where it reads run instructions from project files like memory.md or CLAUDE.md, or asks the user for them, and then executes these commands to start a local agent during the reproduction and verification phases.
  • [PROMPT_INJECTION]: There is a risk of indirect prompt injection in Phase 2a, as the skill replays production call transcripts "verbatim" into evaluator configurations. Malicious content within the production transcript could potentially attempt to influence the agent's behavior during the scenario creation process.
  • [DATA_EXFILTRATION]: The skill accesses sensitive production data, including customer variables and full call transcripts, via the Cekura API. This data is handled within the context of debugging and reproduction; no unauthorized external exfiltration was detected as the skill targets the official Cekura dashboard and local development environment.
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh pr create) to create pull requests, which is an expected behavior for a development-focused skill.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 05:05 AM