migration
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is developed by a trusted vendor (Adobe) and provides a secure framework for automating AEM migrations through local script execution and specific architectural guidelines.\n- [SAFE]: Secret handling in OSGi configurations is managed according to security best practices. The instructions require the use of environment-specific placeholders ($[secret:VAR]) and explicitly forbid the agent from printing sensitive values in chat or logs.\n- [COMMAND_EXECUTION]: The skill includes bundled Node.js scripts (
bpa-local-parser.js,unified-collection-reader.js) for local data processing. These scripts utilize standard Node.js built-in modules for file system operations and do not execute external code or perform unauthorized network operations.\n- [PROMPT_INJECTION]: The skill processes untrusted input from migration reports and user project code, which is a surface for Indirect Prompt Injection (Category 8).\n - Ingestion points: BPA CSV reports processed by
scripts/bpa-local-parser.js, OSGi.cfg.jsonfiles, and project source code (Java/HTL).\n - Boundary markers: The skill employs procedural isolation through a "one pattern per session" requirement and delegates transformations to specific, pre-defined reference modules.\n
- Capability inventory: Local file system read/write access, execution of bundled Node.js scripts, and usage of documented MCP tools for target discovery.\n
- Sanitization: Input processing is handled by dedicated local scripts; the agent is provided with strict instructions to maintain data privacy and prevent the disclosure of any secrets identified during the migration process.
Audit Metadata