skills/open-horizon-labs/skills/ship/Gen Agent Trust Hub

ship

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of deployment-related shell commands and triggers CI/CD workflows as part of its 'Ship' process. Examples include building and flashing firmware using tools like PlatformIO (e.g., pio run). This behavior is consistent with the skill's stated purpose of delivering code to users and requires the agent to have appropriate permissions in the deployment environment.
  • [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection due to its interaction with external data.
      • Ingestion points: The skill reads data from Pull Requests, CI/CD configuration files (YAML), and session files stored in the .oh/ directory.
      • Boundary markers: There are no explicit instructions for the agent to use delimiters or ignore embedded instructions when processing this external data.
      • Capability inventory: The skill possesses the ability to execute shell commands, write to the local file system, and trigger remote pipelines.
      • Sanitization: The skill does not provide specific instructions for sanitizing or validating external input before it is used to determine deployment actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 05:32 PM