claude-opus-4-5-migration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill contains instructions for the agent to modify prompt language, such as softening 'CRITICAL' to 'should'. These are legitimate task-oriented instructions for prompt engineering and do not attempt to bypass core AI safety guardrails or system instructions.
- [DATA_EXFILTRATION] (SAFE): The skill involves searching a user's codebase for specific model strings. It does not attempt to access sensitive system files (like SSH keys), and it lacks any network capabilities (curl, wget, etc.) that would allow for data exfiltration.
- [NO_CODE] (SAFE): The skill is implemented entirely in Markdown and contains no executable scripts, binary files, or dependency management files such as package.json or requirements.txt.
- [Indirect Prompt Injection] (SAFE): The skill has a data ingestion surface as it reads user code, which could theoretically contain instructions targeting the agent. However, the skill's restricted task scope of string replacement and its lack of tool-based execution capabilities mitigate this risk. (1) Ingestion points: Codebase search workflow in SKILL.md. (2) Boundary markers: None provided for the ingested code content. (3) Capability inventory: File reading and text replacement across the project. (4) Sanitization: None observed.