ship-skill

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run local scripts (quick_validate.py, eval_workspace.py, token_budget.py, package_skill.py) and the skills-ref CLI tool to automate a shipping pipeline.
  • [PROMPT_INJECTION]: The skill processes external skill files, creating an attack surface for indirect prompt injection where malicious instructions in the target skill could influence the agent's behavior.
    • Ingestion points: Untrusted data enters the context when the agent reads files from the path specified in $ARGUMENTS (SKILL.md).
    • Boundary markers: No specific delimiters or 'ignore' instructions are used to isolate the data being validated.
    • Capability inventory: The agent utilizes Bash, Read, and Write tools across the pipeline (SKILL.md).
    • Sanitization: No sanitization or validation of the ingested content is performed before the agent processes it.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 28, 2026, 10:15 PM