zodipus-migration

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill recommends installing the 'zodipus' package via 'npm install', which is an external dependency from an untrusted source.
      ◦ Evidence: SKILL.md Migration Checklist Phase 1.
  • Indirect Prompt Injection (LOW): The skill is designed to ingest and act upon user-provided project data and migration queries, creating a surface for indirect prompt injection.
      ◦ Ingestion points: User descriptions of existing generators and migration needs (SKILL.md 'When to Apply' triggers).
      ◦ Boundary markers: Absent. There are no explicit delimiters or instructions for the agent to ignore instructions embedded within user-provided schema or code samples.
      ◦ Capability inventory: The skill provides templates for the agent to modify Prisma schemas and TypeScript imports/logic.
      ◦ Sanitization: Absent. There is no validation or escaping logic for user-supplied content before it is processed into code suggestions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 09:28 AM