production-review
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external code as part of its core review workflow, creating an indirect prompt injection surface where instructions hidden in code comments or strings could attempt to subvert the agent's behavior or the review's integrity.
  - Ingestion points: Code snippets, files, and pull request data as described in the review workflow in SKILL.md.
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' commands to isolate reviewed code from the agent's system instructions.
  - Capability inventory: The skill's focus is on analysis and report generation, but it functions within an agent environment that likely possesses broader tool access.
  - Sanitization: There are no requirements for the agent to sanitize or validate the input code before processing.
Audit Metadata