ship

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill ingests data from local documentation files (TASKS.md, docs/task/.md, and docs/testing/.md) and interpolates the content into pull request bodies and branch names. No boundary markers or sanitization logic are provided to isolate this potentially untrusted data from the agent's instructions.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using git, the GitHub CLI (gh), and pnpm to manage the deployment process. Task IDs and metadata from local files are interpolated into these commands, which could be exploited for command injection if the source files are maliciously crafted.
  • [EXTERNAL_DOWNLOADS]: The skill references and recommends the installation of external plugins from the Vercel Labs and Supabase GitHub repositories to provide additional linting and best-practice checks during deployment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 06:04 AM