explore-recipes

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install packages from the author's own repository (signerlabs/shipswift-skills) and connect to the official vendor MCP server at https://api.shipswift.app/mcp.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface: it retrieves content from an external API, and that content is then presented within the agent's context.
      • Ingestion points: Content returned by the listRecipes, searchRecipes, and getRecipe tools.
      • Boundary markers: Absent; the instructions do not explicitly tell the agent to ignore or delimit instructions found within the fetched recipe code or descriptions.
      • Capability inventory: The skill is used for browsing and retrieving code templates but does not contain internal scripts with dangerous capabilities like arbitrary command execution.
      • Sanitization: Absent; no validation or sanitization process for the external API responses is defined in the skill documentation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 26, 2026, 12:26 PM