The Agent Skills Directory

[SAFE]: Detailed analysis of the skill's instructions, reference guides, and supporting scripts reveals no security threats. The skill is functionally aligned with its stated purpose of software maintenance.
[COMMAND_EXECUTION]: The skill uses a local Python script (scan_migration_issues.py) to analyze the target project. The script is designed to read and parse Maven configuration files, Java source files, and property files using regular expressions. It does not invoke system shell commands, perform administrative actions, or access sensitive system directories.
[EXTERNAL_DOWNLOADS]: Migration guides contain links to official technical documentation and community examples from trusted sources such as Spring (VMware), Testcontainers, and established industry experts. These references are for human/agent reading only and do not trigger automatic downloads or runtime execution of remote code.
[DATA_EXFILTRATION]: No exfiltration risks were identified. The scanner script operates entirely on the local file system and lacks any network-facing logic or hardcoded external endpoints.
[PROMPT_INJECTION]: The skill handles untrusted project data through the migration scanner. However, the risk of indirect prompt injection is mitigated because the scanner only performs read-only regex matching for specific technical patterns (e.g., dependency names, class imports), and the output is used within a structured migration framework rather than as direct instructions for the model's core safety logic.

springboot-migration