migration-assessment
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS / REMOTE_CODE_EXECUTION (HIGH): The skill instructs the installation of an external toolkit via 'npx skills add blazity/next-migration-skills' and subsequently executes a setup script ('bash setup.sh') from that toolkit. The source organization 'blazity' is not included in the trusted provider list, presenting a high risk if the repository is compromised.\n- COMMAND_EXECUTION (HIGH): The skill executes multiple shell commands using placeholders such as '', '', and ''. If these placeholders are populated with unsanitized user input, it allows for arbitrary command injection (e.g., using ';' or '&&').\n- DYNAMIC_EXECUTION (MEDIUM): The skill dynamically constructs script paths and executes them ('bash "$TOOLKIT_DIR/scripts/setup.sh"'). It also uses 'npx tsx' to run TypeScript files from the downloaded external dependency.\n- INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted codebase data (source code and configuration) to generate reports.\n
- Ingestion points: Project files including package.json, next.config.js, and directory structures.\n
- Boundary markers: Absent. The skill does not use delimiters or warnings to ignore instructions embedded in code.\n
- Capability inventory: Shell execution (bash), external tool execution (npx), and project file writes.\n
- Sanitization: None. The skill reads file contents and directory names directly into the analysis logic.
Recommendations
- AI detected serious security threats
Audit Metadata