migration-planning
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): Executes a local shell script 'setup.sh' via the bash command from a relative path ('../nextjs-migration-toolkit/scripts/setup.sh'). This poses a risk if the toolkit directory contains malicious code.
- [COMMAND_EXECUTION] (MEDIUM): Uses 'npx tsx' to execute TypeScript files from the external toolkit. Running scripts from third-party sources is a potential vector for arbitrary code execution.
- [EXTERNAL_DOWNLOADS] (LOW): Instructs the user to download and install a toolkit from 'blazity/next-migration-skills', which is not a verified trusted source.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from the local project (routes, components, package.json) via AST analysis (Step 1). If this data is directly interpolated into the LLM context for Step 4 (Generating Migration Plan) without sanitization, an attacker could embed malicious instructions in code comments or metadata. Capability inventory includes file-write (plan.md) and command execution (npx/bash).
Audit Metadata