oneshot-ship
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data which introduces a surface for Indirect Prompt Injection. Evidence: (1) Ingestion points: Codebase files, repository configuration (CLAUDE.md), and external Linear ticket descriptions. (2) Boundary markers: No delimiters or warnings are mentioned to prevent the model from following instructions embedded in the data. (3) Capability inventory: The tool performs file system modifications, executes CLI commands, and interacts with GitHub and Linear APIs. (4) Sanitization: No sanitization or validation of the ingested external content is described.
- [CREDENTIALS_UNSAFE]: The tool is designed to store sensitive API keys for Anthropic and Linear in a local configuration file at ~/.oneshot/config.json. While standard for many developer tools, these are stored in plain text.
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install a global package via Bun and depends on external CLI tools from Anthropic, OpenAI, and GitHub. These are from well-known sources and the vendor's own repository.
- [COMMAND_EXECUTION]: The tool automates its workflow by executing shell commands for Git, AI model interfaces, and dependency management tools.
Audit Metadata