ship-it
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs multiple shell operations using `git` and `gh`. It interpolates variables derived from user-provided arguments and command outputs into shell strings for branch management, commits, and PR creation.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface when reading existing PR titles and bodies from GitHub. It includes explicit instructions for the agent to treat this third-party metadata as untrusted and to ignore any commands or instructions found within it.
- [EXTERNAL_DOWNLOADS]: The skill interacts with GitHub (`github.com`), a well-known and trusted service, to push code and manage pull requests.
- [COMMAND_EXECUTION]: The documentation indicates that the skill may require lifting sandbox restrictions (e.g., `dangerouslyDisableSandbox: true`) to allow the GitHub CLI to access the OS keyring for authentication, which is a significant permission request necessary for its intended function.
- [PROMPT_INJECTION]: The skill employs secure scripting practices by using quoted heredocs (`cat <<'EOF'`) when writing PR bodies, preventing the local shell from interpolating or executing content extracted from git logs or user input.
Audit Metadata