component-migration
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill documentation requires the installation of the 'nextjs-migration-toolkit' from 'blazity/next-migration-skills'. Since 'blazity' is not on the list of trusted external sources, the integrity of the toolkit cannot be verified. The skill proceeds to execute code from this toolkit.
- Command Execution (MEDIUM): The skill executes a setup script via
bash "$TOOLKIT_DIR/scripts/setup.sh"and several commands vianpx tsx "$TOOLKIT_DIR/src/bin/ast-tool.ts". These scripts are located in a sibling directory that is expected to contain the untrusted toolkit. Executing arbitrary scripts from external, untrusted sources poses a risk of malicious behavior on the host system. - Indirect Prompt Injection (LOW): This skill exhibits a vulnerability surface for indirect prompt injection as it performs AST analysis on user-controlled source code directories.
- Ingestion points: Files located in
<srcDir>,<componentFile>, and<appDir>are read and analyzed by the tool. - Boundary markers: None identified in the provided CLI commands to prevent the LLM from following instructions embedded in code comments or strings.
- Capability inventory: The skill has the ability to execute shell commands and TypeScript code via the toolkit.
- Sanitization: There is no evidence of input sanitization or validation of the code being analyzed before it is processed by the AST tool and potentially exposed to the agent.
- Data Exposure & Exfiltration (SAFE): While the skill reads project source code and configuration files (e.g.,
.migration/target-version.txt), no patterns were detected indicating that this data is being transmitted to an external network.
Audit Metadata