auth0-migration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill creates a vulnerability surface by instructing the agent to search the project codebase for specific authentication patterns to determine the migration path.
  - Ingestion points: Local project files searched for patterns like 'signInWithEmailAndPassword' or 'JWT' (Step 0).
  - Boundary markers: Absent. The agent is not warned to ignore instructions found within the code being analyzed.
  - Capability inventory: The skill enables the agent to execute Auth0 CLI commands and modify application code across various frameworks.
  - Sanitization: Absent. There is no evidence of filtering or validation of the content found during the codebase search.
- [Data Exposure & Exfiltration] (SAFE): The skill provides instructions for exporting and importing sensitive user data, including password hashes and email addresses. While this is high-risk behavior, it is the primary and intended purpose of an 'auth0-migration' skill. The commands and URLs provided target legitimate Auth0 services (auth0.com), and the credentials mentioned (con_ABC123) are placeholders.
- [Command Execution] (SAFE): The skill includes an example command using the Auth0 CLI ('auth0 api post'). This is a standard administrative task for the target service and does not involve obfuscation or privilege escalation.