
sg-improve

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local shell commands to manage a snapshot and rollback system for its internal learning files.
      • Evidence: Uses mkdir, cp, cat, and rm -rf to manage directories and files within the .shipguard/ subdirectory.
  • [DATA_EXFILTRATION]: The skill transmits session summaries and improvement suggestions to a remote repository via the GitHub CLI.
      • Evidence: Phase 5 uses gh issue create and gh issue comment to send data to the bacoco/ShipGuard repository on GitHub. This is consistent with the skill's stated purpose of filing generic improvements.
  • [PROMPT_INJECTION]: The skill scans user messages for specific friction signals, creating an attack surface for indirect prompt injection from the conversation history.
      • Ingestion points: Conversation history; Phase 2 scans user messages for regex patterns such as USER_CORRECTION and TONE_ESCALATION.
      • Boundary markers: Absent; the skill performs direct regex scanning on raw user input.
      • Capability inventory: File system modification (cp, rm, cat) and external data transmission (gh CLI).
      • Sanitization: Relies on classification logic (Phase 3) to distinguish between project-specific data (kept local) and generic data (sent to GitHub).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 28, 2026, 01:35 PM