Skills
skills/inkeep/team-skills/ship/Gen Agent Trust Hub

ship

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Orchestrates repository actions using git worktree, git push, and gh pr commands to manage feature branches and pull requests autonomously.
  • [EXTERNAL_DOWNLOADS]: Installs project-specific dependencies using standard package managers (pnpm, npm, yarn) via npx to maintain environment consistency.
  • [PROMPT_INJECTION]: Accounts for potential indirect prompt injection by utilizing boundary markers and deterministic state management when processing external inputs like specs and PR feedback.
  • Ingestion points: Processes user-provided SPEC.md files, PR reviewer comments, and CI/CD logs.
  • Boundary markers: Employs clear delimiters (e.g., === STATE FILES ===) to separate system state from external data.
  • Capability inventory: Includes git operations, GitHub CLI interactions, and build/test execution.
  • Sanitization: Uses jq for secure JSON construction in state management scripts to prevent injection into execution artifacts.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 01:38 PM