gathering-migration

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the vendor-specific tools 'gf' for codebase exploration and 'gw' for version control operations (e.g., 'gw git ship'). These tools are used for their primary intended purpose of scouting and committing migration changes.
  • [PROMPT_INJECTION]: The skill manages user-defined migration tasks, which constitutes an indirect prompt injection surface.
    • Ingestion points: Phase 1 (SUMMON) parses user descriptions of what needs to migrate (e.g., 'Move user preferences').
    • Boundary markers: Absent; the skill does not employ explicit delimiters or system instructions to ignore embedded commands within the user-provided migration description.
    • Capability inventory: High; the skill has the ability to search the codebase, modify files, commit changes, and load secondary skills ('bloodhound-scout', 'bear-migrate').
    • Sanitization: Absent; the migration description provided by the user is passed directly into the orchestration workflow without automated validation or filtering.
    • Note: The severity of this finding is reduced to SAFE as it is necessary for the skill's primary function of automated codebase refactoring.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 01:25 PM