migration
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection through the
$ARGUMENTSvariable and requirement analysis phase. - Ingestion points: Phase 1, Step 1 explicitly parses migration descriptions from
$ARGUMENTSto identify migration types and logic. - Boundary markers: There are no delimiters or instructions to ignore embedded commands within the input data.
- Capability inventory: The skill can generate and write
.csfiles to the filesystem and executedotnet efCLI commands which modify database schemas and data. - Sanitization: No sanitization or validation of the input description is performed before it is used to design and generate migration code.
- [COMMAND_EXECUTION] (HIGH): The skill directly executes shell commands via
dotnet ef. An attacker providing a malicious migration name or argument could potentially perform command injection depending on how the underlying agent handles string interpolation in the shell environment. - [DATA_EXFILTRATION] (MEDIUM): While no direct network calls are visible, the ability to generate arbitrary data migration code (
PlatformDataMigrationExecutor) allows for the creation of logic that could exfiltrate database contents if the migration is applied to a production environment. - [SAFEGUARDS] (INFO): The skill includes a 'CRITICAL' instruction to wait for human approval before creating files (Phase 5). While this provides a human-in-the-loop check, it does not programmatically prevent the generation of malicious code which a user might inadvertently approve.
Recommendations
- AI detected serious security threats
Audit Metadata