fe-migrate
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection surface (Category 8). The skill uses Glob/Grep to analyze the current project's source code and structure to formulate a migration plan.
- Ingestion points: Project files (JS, TS, CSS, Config) parsed during the 'Status Analysis' phase.
- Boundary markers: Not explicitly defined in the prompt template.
- Capability inventory: File system read/write, dependency installation (pnpm/npm), and command execution (npx).
- Sanitization: Not explicitly mentioned for parsed content.
- COMMAND_EXECUTION (LOW): The skill suggests and executes commands like
pnpm add -D typescriptandnpx tsc --init. These are consistent with the primary purpose of a migration tool and require user approval before execution.
Audit Metadata