migrate
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). The skill processes untrusted user descriptions to generate SQL and Python code.
  - Ingestion points: User requests in Step 1 and existing migration files in the reference section.
  - Capability inventory: 'Write', 'Edit', and 'Bash' tools used to modify 'src/core/models.py' and create files in 'supabase/migrations/'.
  - Boundary markers: None.
  - Sanitization: None.

  A malicious user or external data source could influence the agent to perform destructive database operations, such as dropping tables, or inject malicious code into the repository.
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes the 'Bash' tool for timestamp generation and file listing. While the defined tasks are routine, the combination of shell access and untrusted input processing allows for potential escalation to arbitrary command execution if the agent's logic is bypassed via injection.
Recommendations
- AI detected serious security threats