ship-playbook
Warn
Audited by Socket on Jul 6, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the skill’s core behavior matches its stated delivery-orchestration purpose, and there is no clear credential theft or exfiltration path. Risk comes from broad agent/Bash/Workflow execution plus explicit installation of additional skills and agents through third-party CLIs, creating a transitive trust and supply-chain footprint larger than a simple workflow wrapper.
Confidence: 86%Severity: 68%
Audit Metadata