cobol-migration-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill processes local COBOL and JCL files to generate migration reports. No network operations, data exfiltration, or hardcoded credentials were found.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): Python scripts use only the standard library. Bash and PowerShell scripts use standard system utilities. No remote scripts are downloaded or executed.
- [Command Execution] (SAFE): Commands are limited to file discovery and executing the provided parsing scripts. No high-risk operations such as sudo, chmod 777, or persistence mechanisms were detected.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted source code as an input surface. However, its operation is limited to regex-based structural parsing, which does not involve dynamic execution of the source data.
- [Obfuscation] (SAFE): All files are provided in clear text without any hidden characters, Base64 encoding, or homoglyph-based obfuscation.
Audit Metadata