mode-migrate

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill uses standard package management commands like npm update, pip install, and go get. These are appropriately scoped to the stated purpose of software migration and dependency management.
  • [EXTERNAL_DOWNLOADS] (SAFE): While the skill facilitates the installation of packages, it directs the agent to use official, trusted package registries (npm, PyPI, Go Proxy). It does not contain instructions to download and execute arbitrary scripts from untrusted sources.
  • [PROMPT_INJECTION] (SAFE): The instructions are clearly defined and do not contain patterns intended to bypass AI safety guardrails or ignore system instructions.
  • [DATA_EXFILTRATION] (SAFE): There are no network requests to unknown domains or commands that access sensitive files such as SSH keys, environment variables, or AWS credentials.
  • [INDIRECT_PROMPT_INJECTION] (LOW): As a migration tool, the skill naturally processes external data (changelogs, package lists). However, it includes safety principles like 'Read migration guides thoroughly' and 'Test in staging first', which serve as human-in-the-loop and verification mitigations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:38 PM