migrating-airflow-2-to-3
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): Analysis of the skill instructions and metadata reveals no malicious patterns or security vulnerabilities.
- [COMMAND_EXECUTION] (SAFE): The skill includes a PostToolUse hook that executes a benign echo command. The suggested migration command (ruff) is a standard static analysis tool.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill recommends installing official and trusted packages from the Apache Software Foundation.
- [DATA_EXFILTRATION] (SAFE): Code examples correctly demonstrate the use of environment variables (os.getenv) for API tokens, adhering to security best practices for credential handling.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill analyzes user-provided DAG code, creating a potential surface for indirect injection. 1. Ingestion points: Reading of project DAG files and operators. 2. Boundary markers: None. 3. Capability inventory: Command execution via hooks (echo) and manual linting (ruff). 4. Sanitization: None required for the static analysis use case. This surface is considered safe given the skill's intended functionality.
Audit Metadata