Skills
skills/helderberto/skills/ship/Gen Agent Trust Hub

ship

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands including git for repository management and npm for running linting and tests.
  • [DATA_EXFILTRATION]: The skill utilizes git push to transfer local data to a remote repository. It employs git add -A to stage all changes, which creates a risk of accidentally committing and pushing sensitive files or hardcoded secrets that have not been manually reviewed.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes data from local files to drive behavior.
  • Ingestion points: Reads package.json to identify scripts and git log/git diff to generate commit messages.
  • Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the files it reads.
  • Capability inventory: Possesses shell execution capabilities via git and npm.
  • Sanitization: Absent; it executes scripts directly from the project configuration.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 10:23 AM