ship
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill executes 'git', 'gh', and a local 'bin/ci' script. These tools are appropriately scoped in the 'allowed-tools' section and are necessary for the skill's stated purpose of shipping code.
- PROMPT_INJECTION (SAFE): The skill reads repository data (diffs/logs), which creates a surface for indirect prompt injection. However, because 'disable-model-invocation' is set to true, the agent follows a deterministic set of instructions rather than generating behavior based on that untrusted data.
  1. Ingestion points: git status, git diff HEAD, and git log.
  2. Boundary markers: None.
  3. Capability inventory: git, gh, and bin/ci.
  4. Sanitization: No sanitization is performed on the ingested repository data.
Audit Metadata