shipwright
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No patterns detected that attempt to bypass safety filters or override system instructions.
- [Data Exposure] (SAFE): No hardcoded credentials, API keys, or access to sensitive local environment files found.
- [Remote Code Execution] (SAFE): No unsafe remote script execution patterns like piped shell commands were identified.
- [Indirect Prompt Injection] (LOW): The skill is designed to manage and modify project build files. Evidence Chain: 1. Ingestion points: Reads user-defined configuration files (config/shipwright.js) and source assets. 2. Boundary markers: Absent in skill rules. 3. Capability inventory: Modifications to build scripts and dependency installation. 4. Sanitization: Not explicitly implemented within the provided templates. This represents a standard development capability rather than a specific vulnerability.
Audit Metadata