skills/evo-hq/evo/ship/Gen Agent Trust Hub

ship

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local commands including git, gh, and evo to manage repository state and analyze experiment results. These operations are standard for development workflows and restricted to the current repository context.
  • [DATA_EXFILTRATION]: Utilizes the gh pr create command to send code and metadata to GitHub. This network operation targets a well-known service and is essential to the skill's purpose, with mandatory user consent required before execution.
  • [PROMPT_INJECTION]: The skill ingests data from experiment results (hypotheses and scores) and interpolates them into pull request descriptions. This represents an indirect prompt injection surface; however, the risk is mitigated by explicit requirements for user review and confirmation before the pull request is created.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 06:50 PM
Security Audit — agent-trust-hub — ship