Skills
skills/shipshitdev/library/deploy/Gen Agent Trust Hub

deploy

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection because it ingests and processes data from untrusted local project files to determine its execution flow.
  • Ingestion points: The references/workflow.md file defines steps to read package.json, next.config.js, nest-cli.json, and vite.config.js to discover project configuration.
  • Boundary markers: Absent. The skill does not employ delimiters or explicit instructions to ignore potential commands embedded within these configuration files.
  • Capability inventory: The skill instructions involve executing significant shell commands via npm, docker, aws, vercel, serverless, and the GitHub CLI (gh).
  • Sanitization: Absent. There is no evidence of content validation or escaping of the data retrieved from project files before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill defines numerous shell command sequences for building, testing, and deploying code using standard developer tooling, as seen in SKILL.md and references/workflow.md.
  • [EXTERNAL_DOWNLOADS]: The skill instructions involve running packages from external registries via npx and bunx, specifically targeting tools like Biome and Turbo.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 07:31 AM