ship-it
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a dedicated backend script, `scripts/tracker.mjs`, to interface with the GitHub CLI (`gh`). It employs `execFileSync` with argument arrays to perform operations such as listing issues, fetching comments, and creating pull requests. This implementation is secure and prevents shell-level command injection.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection due to its core function of ingesting and processing untrusted data from GitHub issues.
  - Ingestion points: The orchestrator fetches issue bodies and comments via `gh` commands in `scripts/tracker.mjs`.
  - Boundary markers: The prompts in `templates/implementer-prompt.md` and `templates/spec-compliance-prompt.md` do not utilize specific delimiters or instructions to ignore potentially malicious directions embedded in issue content.
  - Capability inventory: Subagents are equipped with development tools (e.g., the `tdd` skill) that have permissions to modify local files and execute code.
  - Sanitization: The skill does not perform automated sanitization of fetched GitHub data before using it as context for subagents.
Audit Metadata