migrate

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill dynamically generates shell commands, including grep, sed, and xargs, using input from the user-provided migration description. If these inputs (such as import paths or package names) contain shell metacharacters like semicolons, backticks, or pipes, it could lead to unauthorized command execution on the host system.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by reading and displaying the content of files from the repository during the manifest and verification steps. Hidden instructions within these files could potentially influence the agent's behavior.
    • Ingestion points: Repository files located in the apps/ and packages/ directories are read using grep and cat in SKILL.md.
    • Boundary markers: There are no protective delimiters or safety instructions provided to the agent to help it distinguish between file data and operational instructions.
    • Capability inventory: The skill utilizes powerful capabilities, including arbitrary shell execution via sed and npx, as well as version control operations through git commit.
    • Sanitization: No explicit sanitization or validation of the ingested repository content is performed before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 09:57 AM