Skills
skills/bacoco/shipguard/sg-code-audit/Gen Agent Trust Hub

sg-code-audit

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted content from the repository and passing it to AI agents. \n
  • Ingestion points: CLAUDE.md (Phase 2), .shipguard/learnings.yaml (Phase 3), and repository source files (Phase 4). \n
  • Boundary markers: The skill uses markdown headers like 'Project Rules' to delimit ingested content but lacks explicit 'ignore' instructions for embedded commands. \n
  • Capability inventory: Dispatched agents can execute shell commands (git, node, pytest, npx, go build), write files, and commit changes. \n
  • Sanitization: No sanitization or escaping of the ingested content is performed before interpolation into agent prompts.\n- [COMMAND_EXECUTION]: The skill executes multiple shell commands to discover the project stack, run syntax checks, and perform tests. \n
  • Evidence: Uses git, find, node, python3, npx tsc, go build, pytest, and npx jest. \n
  • Context: While these commands are standard for auditing and testing, they execute content from the repository, which poses a risk if auditing untrusted or malicious codebases.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 01:35 PM