git-ship
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes administrative commands via the GitHub CLI (gh api) to disable active GitHub Actions workflows. This prevents automated security scanning, testing, and CI/CD pipelines from running on the pushed code.
- [COMMAND_EXECUTION]: The skill provides logic to delete branch protection rules (required_pull_request_reviews) via the GitHub API. This allows the agent to bypass mandatory human review requirements and merge code directly into protected branches using administrative privileges (--admin).
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
  - Ingestion points: The workflow relies on data extracted from the repository environment and GitHub API responses (SKILL.md).
  - Boundary markers: Absent; there are no instructions to the agent to distinguish between its own logic and instructions that might be embedded in the code or PR descriptions it processes.
  - Capability inventory: The skill possesses high-privilege capabilities including modifying repository security settings, disabling CI, and performing administrative merges (SKILL.md).
  - Sanitization: No sanitization or validation is performed on the repository state or the changes being 'shipped' before the security gates are lowered.
Recommendations
- AI detected serious security threats