migrating-an-onchainkit-app

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill's primary function is a legitimate developer utility for library migration and uses standard web3 development patterns.
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of well-known, community-vetted packages from the npm registry, including wagmi, viem, and @tanstack/react-query.
  • [COMMAND_EXECUTION]: The workflow includes running npm run build to validate code changes, which is a routine and expected part of the development lifecycle.
  • [PROMPT_INJECTION]: While the skill involves scanning project source code (Indirect Prompt Injection surface), this is required for its primary migration task. Evidence chain for Indirect Prompt Injection surface:
    • Ingestion points: Project source files searched for import patterns (SKILL.md, Step 1).
    • Boundary markers: None.
    • Capability inventory: Execution of npm run build (SKILL.md, validation gates).
    • Sanitization: None; the agent processes files directly based on search patterns.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 01:15 PM