framework-migration-assistant

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs shell command execution to manage the migration workflow.
      • Evidence: The script scripts/migrate.py uses subprocess.run to execute various Git commands, including git rev-parse, git checkout, git add, and git commit to handle branch management and versioning of the changes.
  • [CREDENTIALS_UNSAFE]: The skill interacts with sensitive configuration files that are known to contain credentials.
      • Evidence: scripts/migrate_config.py is designed to read and modify .env files, which are standard locations for storing sensitive secrets, API keys, and other private configuration data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted source code and possesses significant capabilities.
      • Ingestion points: scripts/migrate.py and its migration modules ingest the entire content of a user-provided repository, including Python source files, requirements lists, and configuration manifests.
      • Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are implemented to protect the agent while it processes external repository content.
      • Capability inventory: The skill has the authority to overwrite any file within the provided repository path and can execute Git commands via subprocess.
      • Sanitization: The code transformation logic in scripts/migrate_routes.py and scripts/migrate_tests.py relies on simple regular expressions. This method is not robust and could be exploited by maliciously crafted input strings in the target codebase to inject unwanted or malicious code during the transformation process.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 6, 2026, 10:20 PM