candid-fast-ship
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute arbitrary shell commands defined in the project's .candid/config.json file (specifically installCommand, buildCommand, testCommand, and postMergeCommand). While this is the intended purpose of a shipping tool, it means command execution is driven by the content of a local configuration file.
- [INDIRECT_PROMPT_INJECTION]: The skill has an indirect prompt injection surface. It ingests untrusted data from the local configuration file and interpolates it into agent prompts.
  - Ingestion points: .candid/config.json (fields: ship.additionalPrompt, ship.issueTracker.prompt).
  - Boundary markers: None specified in the instructions to isolate these strings from the base instructions.
  - Capability inventory: The agent can execute subprocesses (shell commands), create pull requests, and update external issue trackers.
  - Sanitization: There is no mention of escaping or validating the content of these prompt fields before the agent processes them.
- [EXTERNAL_DOWNLOADS]: The skill includes a reference to an external GitHub repository (github.com/ron-myers/candid) in the pull request footer. This repository is owned by the skill's author.
Audit Metadata