shiplight-project
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a 'Knowledge Management' system (documented in SKILL.md and references/knowledge.md) where agents are instructed to read and write notes in the 'knowledge/' directory. This creates a surface for indirect prompt injection across agent sessions.
  - Ingestion points: The agent reads from the 'knowledge/' directory on every invocation to retrieve notes from previous agents.
  - Boundary markers: Absent. No specific delimiters or instructions to ignore embedded commands within the knowledge notes are provided.
  - Capability inventory: The agent has the capability to execute shell commands (npm, npx) and modify various project files, including TypeScript helper functions, authentication fixtures, and package dependencies.
  - Sanitization: Absent. There is no mention of validation or sanitization for the content of knowledge notes.
- [COMMAND_EXECUTION]: The skill supports dynamic JavaScript execution through 'js:' blocks in YAML test definitions, allowing for the execution of arbitrary scripts within the browser context.
- [COMMAND_EXECUTION]: The agent is permitted to modify 'package.json' to change commands or dependencies and 'playwright.config.ts' for project-level behavior, which are potential vectors for introducing malicious code.
- [COMMAND_EXECUTION]: The agent is instructed to run 'npm test' and 'npx playwright test', providing a path for executing generated or modified code within the project.
Audit Metadata