ship
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection placeholders (
!git status,!git diff,!git log) to automatically retrieve the repository's state and history when the skill is loaded. These are standard development operations for the task. - [COMMAND_EXECUTION]: Executes package manager scripts (
npm run lint,npm test) to perform automated quality assurance before allowing a commit to proceed. - [COMMAND_EXECUTION]: Performs git operations including staging specific files, creating commits using HEREDOC syntax, pushing to remote branches, and rebasing when necessary.
- [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface as it ingests untrusted data from the repository's git logs and diffs.
- Ingestion points: Context is loaded from the repository history and current changes in SKILL.md.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided instructions.
- Capability inventory: The agent has the ability to execute shell commands (git, npm) based on its analysis of the ingested data.
- Sanitization: No specific sanitization or filtering of the diff/log content is mentioned.
Audit Metadata