pli-migration-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to Category 8 attacks because it ingests untrusted external data and possesses significant execution capabilities.
- Ingestion points: Reads and parses
.pli,.PLI, and.pl1source files from the workspace. - Boundary markers: Absent. There are no instructions or delimiters to help the agent distinguish between code to be analyzed and potential malicious instructions embedded in comments or strings.
- Capability inventory: Executes local Python and Shell scripts, performs filesystem searches, and generates architectural design documents.
- Sanitization: Absent. No logic is provided to filter or escape legacy code content before processing.
- Command Execution (MEDIUM): The workflow relies on executing several local scripts (
extract-structure.py,analyze-dependencies.sh,estimate-complexity.py,generate-java-classes.py) and shell commands (find). While these are functionally relevant, they represent a significant side-effect surface. - Unverifiable Dependencies (LOW): The skill references multiple external scripts and reference files (e.g.,
references/pli-reference.md,assets/migration-report-template.md) that are not included in the provided file, making a complete security audit of the execution logic impossible.
Recommendations
- AI detected serious security threats
Audit Metadata