Skills
skills/curiouslycory/skills/ship-it/Gen Agent Trust Hub

ship-it

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the git and gh (GitHub CLI) utilities to perform repository management tasks. These commands are executed locally based on the skill's defined workflow.
  • Evidence: Execution of git commit, git push, gh pr create, and gh pr merge in steps 2, 3, and 5.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted data (file diffs) to generate natural language outputs (commit messages and PR descriptions).
  • Ingestion points: git status and git diff outputs in Step 2.
  • Boundary markers: None present to delineate between code content and instructions.
  • Capability inventory: High-impact capabilities including git push and gh pr merge (Step 3 and Step 5).
  • Sanitization: No explicit sanitization or validation of the diff content is performed before passing it to the LLM.
  • [SAFE]: The skill's behavior is consistent with its stated purpose as a developer productivity tool. It uses authenticated standard interfaces (GitHub CLI) and includes user-confirmation steps for destructive actions like staging files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 01:48 AM