ship-discipline
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of instructional markdown content. No scripts, binaries, or automated command executions are included in the package.
- [PROMPT_INJECTION]: The instructions do not attempt to bypass safety filters or override the agent's core instructions. It includes a 'Confusion Protocol' which is a safety-positive feature that instructs the agent to stop and ask for clarification during architectural or destructive ambiguity.
- [DATA_EXFILTRATION]: There are no network operations, hardcoded credentials, or references to sensitive file paths (e.g., .env, .ssh, .aws).
- [EXTERNAL_DOWNLOADS]: The skill does not perform any external downloads or package installations. It mentions 'gstack' as a source, which appears to be a local reference or organizational naming convention.
- [COMMAND_EXECUTION]: While the skill mentions using tools like
Read,Edit,Grep, andBash, it does so in the context of guiding the agent on which tools to prefer for code review tasks. It does not contain any pre-written malicious commands.
Audit Metadata