ship
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes various shell commands and local scripts (e.g., git, gh, jq, and spex-ship-state.sh) to automate branch management, state tracking, and pull request creation.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8). Ingestion points: Reads content from brainstorm files in the brainstorm/ directory. Boundary markers: Absent; the skill passes raw brainstorm content to subsequent tools without encapsulation or instructions to ignore embedded instructions. Capability inventory: Performs git commits, branch pushes, and pull request creation via the GitHub CLI, and executes code implementation tasks. Sanitization: None; brainstorm content is not validated or filtered before processing.
- [PROMPT_INJECTION]: The skill contains instructions that explicitly command the agent to override interactive confirmation prompts ('Shall I proceed?') and 'ask' gates from sub-tools when oversight is set to 'smart' or 'never', which bypasses standard user oversight during autonomous execution.
Audit Metadata