technology-porter

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted code from an external file specified by the user. While the skill's logic focuses on counting patterns, malicious content in the source file could theoretically influence the agent's interpretation of the resulting migration recommendations.
    • Ingestion points: The skill reads external content in 'src/index.ts' via the 'input' argument.
    • Boundary markers: No boundary markers or safety instructions are used to separate untrusted source code from the agent's logic.
    • Capability inventory: The skill uses 'safeWriteFile' to output results to the filesystem.
    • Sanitization: There is no sanitization of the input content before it is used to generate complexity metrics or summary recommendations.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 11:27 PM