Skills
skills/j5ik2o/okite-ai/migrate-skill-to-agent/Gen Agent Trust Hub

migrate-skill-to-agent

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local bash script scripts/migrate.sh to reorganize directory structures. Evidence: The script uses commands like mv, ln -s, mkdir -p, and rm on paths derived from user-provided arguments. Mitigation: The script employs set -euo pipefail and consistently double-quotes variables to prevent word splitting and basic command injection vulnerabilities.
  • [PROMPT_INJECTION]: Indirect prompt injection surface analysis performed. 1. Ingestion points: The skill-name and project-root arguments provided by the user via the AI agent. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded content are used in the prompt template. 3. Capability inventory: Significant file system capabilities including moving, linking, and removing directories. 4. Sanitization: The shell script uses variable quoting; however, it lacks explicit validation against path traversal (e.g., checking for .. in the skill name).
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 04:52 PM