spec-driven-ship
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands including git status, git commit, git push, and node for workflow automation. It references scripts via a path component that points to the parent directory structure (../../dist/scripts). These commands are used to manage repository state as part of the defined shipping process.
- [DATA_EXFILTRATION]: The skill performs git push operations to synchronize local commits with a remote repository. This is an intended network operation required for its core functionality.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Ingestion points: reads markdown files from the .spec-driven/changes/archive/ directory (such as proposal.md and design.md) to load context. Boundary markers: no delimiters or specific instructions to ignore embedded commands are provided. Capability inventory: the skill can execute shell commands (git, node) and modify repository state. Sanitization: no escaping or validation of the ingested markdown content is performed before processing.
Audit Metadata