springboot-migration
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a local Python script (scripts/scan_migration_issues.py) to analyze the structure and dependencies of Spring Boot projects. This script operates as a read-only scanner on the local filesystem and does not perform any destructive actions or network communication.
- [EXTERNAL_DOWNLOADS]: The documentation provides reference links to official Spring Project, Testcontainers, and Hibernate documentation. These links point to well-known, trusted domains and provide necessary technical context for the migration process.
- [DATA_EXFILTRATION]: While the skill scans local project metadata and source code, it lacks the ability to transmit this data over the network. All processing occurs locally within the execution environment.
- [PROMPT_INJECTION]: The skill's instructions are focused on technical migration workflows and do not include patterns typical of prompt injection, such as instructions to ignore safety filters or reveal system prompts.
- [SAFE]: No obfuscated content, persistence mechanisms, or privilege escalation attempts were identified across the skill's scripts and documentation. The technical details regarding annotation renames and dependency updates reflect legitimate framework evolution paths.
Audit Metadata