existing-project-migration
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified in the skill.
- [PROMPT_INJECTION]: The skill contains instructions to ignore specific files (AGENTS.md) found in imported artifacts. In this context, these are defensive instructions intended to prevent indirect prompt injection from untrusted source material, rather than malicious attempts to override the agent's safety guidelines.
- [DATA_EXFILTRATION]: The skill operates on local artifacts (.import/ directory). No unauthorized network exfiltration or credential harvesting patterns were found.
- [REMOTE_CODE_EXECUTION]: While the skill mentions cloning templates and installing packages, these are standard operations for a development-focused migration tool and do not involve piped remote execution or untrusted third-party scripts.
- [DATA_EXPOSURE]: The skill handles ZIP artifacts containing project code and databases. It explicitly scopes the use of organizational branding and data to prevent the agent from making incorrect assumptions based on untrusted domain context.
Audit Metadata