cmd-productionize

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill requires the agent to ingest and analyze untrusted data from external source files and configurations.
    • Ingestion points: The agent reads files such as README.md, package.json, and pubspec.yaml into its context (SKILL.md).
    • Boundary markers: The skill's instructions do not require delimiters around the processed data, nor do they tell the agent to ignore commands embedded in it.
    • Capability inventory: The agent can read and write files across the project directory during the implementation phase.
    • Sanitization: No explicit steps are provided to sanitize or validate the content of the analyzed files before it influences agent behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 16, 2026, 05:11 PM