ship-ios-app
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) because it executes high-impact write operations based on untrusted external data.
  - Ingestion points: Pull Request metadata (title, status) from 'gh pr list' and contents of 'README.md', 'CLAUDE.md', and 'CHANGELOG.md'.
  - Boundary markers: Absent; the agent lacks delimiters to separate untrusted file content from its internal logic instructions.
  - Capability inventory: 'gh pr merge' (merging code to main branch), 'git push' (modifying remote repository history), and 'git tag' (creating releases).
  - Sanitization: Absent; the agent interprets raw CLI output and file content directly to satisfy conditional 'Pre-flight checks'.
- COMMAND_EXECUTION (MEDIUM): The skill uses multiple shell commands (gh, git, agvtool, grep) to automate the release workflow. The security of the 'Shipping Process' depends entirely on the agent's interpretation of command results, which can be manipulated by malicious data in the environment.
Recommendations
- AI detected serious security threats