migrate-module
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, NO_CODE
Full Analysis
- Prompt Injection (SAFE): No patterns or instructions attempting to override agent constraints, bypass safety filters, or extract system prompts were detected.
- Data Exposure (SAFE): The documentation includes hardcoded local file paths specific to the author's environment (e.g., /Users/yuchendu/Desktop/...). While these reveal directory structures, they do not constitute exposure of sensitive system files, credentials, or private keys.
- COMMAND_EXECUTION (SAFE): The skill instructs the agent to execute routine development commands, such as 'pip install -e .' and running test cases. These actions are necessary for the skill's stated purpose of migrating and verifying code and do not involve unauthorized privilege escalation.
- Indirect Prompt Injection (SAFE): The skill involves reading and analyzing user-provided source code files, creating a data ingestion surface.
  - Ingestion points: SKILL.md Step 1.2 ('Read the entire source file').
  - Boundary markers: Absent; the agent is instructed to read raw source files directly.
  - Capability inventory: File system write access (Step 3.1) and terminal execution (Step 5.2).
  - Sanitization: Absent.
  - Reasoning: While the surface exists, it is intrinsic to the primary purpose of code migration. The risk is minimized by the local context of the operation.
- NO_CODE (SAFE): The skill contains only Markdown instructional files and reference documents; it does not distribute executable scripts or binaries.
Audit Metadata