migrate-to-skills
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute standard filesystem commands like find, ls, and head. These operations are used to discover legacy configuration files and verify the integrity of newly created skills. This behavior is necessary for the skill's primary function and is restricted to local project directories.
- [PROMPT_INJECTION]: A surface for indirect prompt injection exists because the skill reads and processes untrusted data from legacy configuration files.
- Ingestion points: The skill uses find and Read tools to ingest content from files located in .claude/, .cursor/, and .codex/ directories.
- Boundary markers: Discovery results are presented in a structured markdown table for review, and the workflow includes a mandatory user approval step (Phase 3) before any modifications occur.
- Capability inventory: The skill possesses Bash, Write, and Edit capabilities to manage the filesystem.
- Sanitization: No automated sanitization of ingested content is performed; the skill relies on manual user verification to mitigate the risk of malicious instructions being carried over into new skill definitions.
- [EXTERNAL_DOWNLOADS]: No external code or package downloads were detected. The skill only references the agentskills.io domain for documentation purposes.
Audit Metadata