validation-testing
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The skill constructs paths at runtime using the `$SKILL_PATH` variable to execute a setup shell script and an AST tool. This dynamic loading of executable content from computed paths is a security risk as it relies on the integrity of the sibling directory structure. Evidence: `bash "$TOOLKIT_DIR/scripts/setup.sh"` and `npx tsx "$TOOLKIT_DIR/src/bin/ast-tool.ts"`.
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill depends on scripts from a sibling directory (`nextjs-migration-toolkit`) which the documentation suggests should be installed from the 'blazity/next-migration-skills' repository. Since 'blazity' is not a trusted organization, this constitutes a risk of executing unvetted code. Evidence: Instructions to install via `npx skills add blazity/next-migration-skills`.
- [Indirect Prompt Injection] (LOW): The skill ingests application directories and files for validation and transformation, exposing a surface for indirect prompt injection if an attacker can influence the files being migrated.
  - Ingestion points: `<appDir>` and `<file>` variables passed as arguments to validation tools.
  - Boundary markers: Absent; untrusted paths and file names are interpolated directly into shell commands without delimiters or warnings.
  - Capability inventory: Subprocess execution (bash, npx), file system reading, and execution of build/test pipelines (npm test, next build).
  - Sanitization: Absent; no validation or escaping is performed on the provided file paths before they are used in shell commands.
Audit Metadata