dependency-mapping
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): Executes shell scripts and TypeScript files (
setup.sh,ast-tool.ts) located in a sibling directory. This creates a dependency on external code that is not distributed with the primary skill. - [EXTERNAL_DOWNLOADS] (MEDIUM): Prompts the user to install a toolkit from
blazity/next-migration-skills. This repository is not within the trusted organizations list, posing a potential risk of supply chain attack if the third-party account is compromised. - [REMOTE_CODE_EXECUTION] (MEDIUM): The skill uses
npx tsxto execute a local script file. While the file is local at runtime, it is part of an external package that the skill explicitly directs the agent to download and execute. - [PROMPT_INJECTION] (LOW): Potential surface for indirect prompt injection via the processing of untrusted project files (
package.json). Evidence Chain: 1. Ingestion points: . 2. Boundary markers: Absent. 3. Capability inventory: bash, npx, npm, file writes. 4. Sanitization: Absent.
Audit Metadata