git-ship

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill explicitly instructs programmatic disabling of GitHub Actions workflows and temporary removal of branch protection to bypass CI and required reviews—an intentional, high-risk bypass of repository security controls that can be used as a backdoor to merge unreviewed or malicious changes.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls GitHub API endpoints (e.g., "gh api repos/{OWNER}/{REPO}/actions/workflows" and "gh api repos/{OWNER}/{REPO}/branches/.../protection/required_pull_request_reviews") to read workflows and branch-protection JSON from repositories and then acts on that data to decide which workflows to disable/enable and whether to modify protections, exposing it to untrusted/user-generated third-party content.