ship-cycle
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the processing of external data during its intake phase.
- Ingestion points: The Intake process (Step 4) in SKILL.md allows the skill to consume findings from external sources such as /vibesubinsweep reports, scanner outputs, or notes pasted directly by the operator.
- Boundary markers: Absent. The skill instructions do not prescribe the use of delimiters or specific warnings to ignore instructions embedded within the processed intake data.
- Capability inventory: The skill has extensive repository and platform capabilities, including the execution of git commands (commit, tag, push) and GitHub CLI operations (issue, PR, and release creation), as well as general shell execution via the Bash tool.
- Sanitization: Absent. There are no requirements or procedures for sanitizing or validating the intake data before it is interpolated into issue bodies, PR descriptions, or release notes.
Audit Metadata