church-ship
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a CLI tool named 'church' to perform various repository-related tasks, including loading context, checking ledgers, and advancing the lifecycle status of a project.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting untrusted data like code diffs and PR descriptions.
  - Ingestion points: External data enters the agent context through the processing of PR diffs and UAT results specified in SKILL.md.
  - Boundary markers: There are no explicit delimiters or instructions to ignore potential commands embedded within the diffs or UAT results.
  - Capability inventory: The agent can execute system commands via the 'church' CLI tool, as seen in the bash snippets in SKILL.md.
  - Sanitization: The instructions do not define any sanitization or validation steps for the input data before it is evaluated by the agent.
Audit Metadata