modernize-move

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE

PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill analyzes and modifies user-provided Move source code, creating an indirect prompt injection surface where malicious instructions in comments or strings could target the agent's logic.
      • Ingestion points: Reads all .move files in the sources/ directory (SKILL.md).
      • Boundary markers: Phase 2 (Gate 1) requires explicit user confirmation of the modernization analysis report before any modifications occur.
      • Capability inventory: Employs Write, Edit, and Bash (aptos move test) tools across the workflow.
      • Sanitization: Uses specific regular expression detection rules in references/detection-rules.md rather than unconstrained interpretation of the source code content.
  • [COMMAND_EXECUTION]: The skill executes shell commands using the Bash tool to run unit tests and check coverage using the project's toolchain.
      • Evidence: Explicitly invokes aptos move test and aptos move test --coverage to establish baselines and verify transformations (SKILL.md, references/transformation-guide.md). These are vendor-supplied tools relevant to the skill's primary purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 07:04 AM