migrate-rules
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs a network request to fetch a version manifest from 'https://raw.githubusercontent.com/dev-goraebap/agent-collabo/main/manifest.json'. This is a standard update-check mechanism targeting a repository owned by the skill's author on a well-known service.
- [COMMAND_EXECUTION]: The workflow involves reading, writing, and deleting local configuration files (e.g., .cursorrules, CLAUDE.md). The skill documentation explicitly states that it must not delete files without user approval, mitigating the risk of accidental data loss.
- [PROMPT_INJECTION]: While the skill ingests content from external configuration files that could potentially contain indirect prompt injections, it merely reorganizes this text into a new file and does not execute the content as code or commands. This significantly reduces the risk associated with processing untrusted data.
Audit Metadata