Deprecation Handler

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection. The skill ingests untrusted data from the user codebase (via Read, Grep, Glob) and has high-privilege execution capabilities. An attacker could embed malicious instructions in code comments or documentation that the agent might follow while performing migrations. Evidence: Step 1 and 4 workflows show deep ingestion of external code without delimiters or sanitization.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill requires executing local scripts such as 'npm test' and 'npm run build'. These commands execute logic defined in the project's 'package.json'. In an untrusted environment, these scripts can execute arbitrary malicious code on the host system. Evidence: Step 5 (Validate Changes) explicitly instructs the agent to run 'npm test' and 'npm run build'.
  • [COMMAND_EXECUTION] (MEDIUM): The allowed-tools configuration for Bash uses broad wildcards ('npx:*', 'npm:*', 'yarn:*'), granting the agent excessive permission to execute any command or install any package via these managers.
  • [DATA_EXFILTRATION] (LOW): Commands like 'npm outdated' and 'yarn outdated' perform network requests to public registries. While standard for the task, it constitutes outbound network communication that could be exploited if combined with sensitive data access.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 12:36 AM