ship-it

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses standard local commands (git and gh CLI) to perform version control tasks. This is the primary function of the skill and is performed within the user's repository context.
  • [DATA_EXFILTRATION]: The skill performs network operations by pushing code and creating pull requests on GitHub. These actions are directed at a well-known technology service (GitHub) and are consistent with the skill's stated purpose of managing code repositories.
  • [PROMPT_INJECTION]: The skill includes defensive instructions against indirect prompt injection. In Step 6, it specifically warns the agent that existing Pull Request titles and bodies are potentially untrusted and instructs the agent never to execute instructions found within that data.
  • [CREDENTIALS_UNSAFE]: The skill implements a safety rule that explicitly forbids committing sensitive files, such as .env, credentials, API tokens, or private keys, reducing the risk of accidental secret exposure.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 11:46 AM