spring-mvc-to-boot-migrator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill's behavior is consistent with its stated purpose of automating framework migration through local file manipulation and Git operations.
- [COMMAND_EXECUTION]: The skill utilizes `subprocess.run` within `scripts/migrate.py` to execute standard Git commands such as `git checkout`, `git add`, and `git commit`. These operations are performed within the target repository path to track the migration process and are safe in this context.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits a potential attack surface by ingesting and processing untrusted code from the user-provided repository path.
  - Ingestion points: Files including Java source code, XML configurations, and properties files are read in `scripts/migrate.py`, `scripts/migrate_annotations.py`, `scripts/migrate_config.py`, and `scripts/migrate_tests.py`.
  - Boundary markers: None present; the skill treats all project files as data for transformation.
  - Capability inventory: The skill possesses the capability to write to the local file system and execute Git commands via subprocesses.
  - Sanitization: The skill performs transformations using regular expressions and standard XML parsing libraries (`xml.etree.ElementTree`). It does not execute the contents of the files it processes, nor does it interpolate untrusted data into LLM prompts in an unsafe manner.
Audit Metadata