Gen Agent Trust Hub audit: skills/assistant-ui/skills/update

update

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to detect package versions (npm ls), install dependencies (npm install, pnpm add), and verify the migration via build and test suites (npx tsc, pnpm build, pnpm test). These are standard operations for development tools of this nature.
  • [EXTERNAL_DOWNLOADS]: Downloads and updates libraries from the npm registry. The packages involved are either maintained by the skill's vendor (@assistant-ui/*) or are well-known industry standards (ai, zod).
  • [REMOTE_CODE_EXECUTION]: Uses npx to download and execute official migration tools, specifically @ai-sdk/codemod and assistant-ui upgrade. These are provided by a trusted organization (Vercel) and by the skill's author, respectively.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it is designed to ingest and process untrusted data from the local codebase to determine its actions.
    • Ingestion points: The migration guides instruct research sub-agents to scan all source files for AI SDK patterns and to analyze all package.json files within the repository.
    • Boundary markers: The instructions lack explicit delimiters or safety prompts to ensure the agent ignores instructions that might be embedded in the code or comments it analyzes.
    • Capability inventory: The agent can execute shell commands, install packages, and modify repository files across the entire codebase, so any injected instruction it follows has the full reach of those capabilities.
    • Sanitization: No explicit sanitization or validation of the data extracted from the codebase is performed before it influences the migration logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 08:52 AM