angular-migration
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The instructions follow a standard procedural format for software migration. No bypass attempts, role-play instructions, or system prompt extraction patterns were found.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths (e.g., .ssh, .env) are accessed. Network operations in code examples use relative API paths (e.g., /api/users/) which is standard practice for frontend applications.
- Obfuscation (SAFE): No Base64, zero-width characters, homoglyphs, or encoded strings were found in any of the files.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not perform any remote script downloads, package installations, or piped shell executions. While it mentions a script 'scripts/analyze-angular-app.sh', the content of that script was not provided and the markdown description suggests a diagnostic purpose.
- Privilege Escalation (SAFE): No use of sudo, chmod, or administrative command patterns detected.
- Persistence Mechanisms (SAFE): No attempts to modify shell profiles, cron jobs, or registry keys were found.
- Indirect Prompt Injection (SAFE): While the skill's purpose is to analyze and transform code, it lacks the execution capabilities (e.g., file-write or subprocess calls) in the provided files to act on potentially malicious instructions embedded in source code being migrated.
- Dynamic Execution (SAFE): The code snippets use standard Angular bootstrapping and dependency injection. No use of eval(), exec(), or unsafe deserialization (e.g., pickle) was found.
Audit Metadata