skills/ron-myers/candid/candid-ship/Gen Agent Trust Hub

candid-ship

Warn

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill reads shell commands for build and test phases directly from project-level configuration files (.candid/config.json) and executes them in the shell.
  • [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by interpolating the additionalPrompt field from a project configuration file into the instructions provided to the /candid-loop sub-agent.
  • [COMMAND_EXECUTION]: The skill constructs shell commands for the GitHub CLI (gh) using git log metadata, such as commit titles and bodies, without sanitization.
  • [PROMPT_INJECTION]: (Category 8 Evidence)
      • Ingestion points: The .candid/config.json file in the repository.
      • Boundary markers: Uses an instructional prefix ('IMPORTANT: During this review...') rather than secure delimiters.
      • Capability inventory: Shell command execution, Git push operations, and GitHub PR creation.
      • Sanitization: None detected for the interpolated prompt content.
  • [COMMAND_EXECUTION]: (Category 8 Evidence)
      • Ingestion points: The .candid/config.json file in the repository.
      • Boundary markers: None.
      • Capability inventory: Execution of arbitrary shell commands.
      • Sanitization: The skill implements a manual confirmation step where the user is shown the plan, including the commands to be run, before execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 25, 2026, 06:55 PM