cross-project-adapter-migration

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone external repositories from user-provided or dynamically discovered URLs using git clone <source_repo_url> /tmp/<source-cli>. This involves fetching potentially untrusted code into the local environment.
  • [COMMAND_EXECUTION]: The workflow requires executing multiple shell commands, including git, ls, npx tsc, and the opencli tool itself to validate and run migrated commands.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it instructs the agent to analyze and 'understand' the source code and documentation of external projects. An attacker could embed malicious instructions within a repository's README or code comments to influence the agent's migration logic or behavior.
      ◦ Ingestion points: Content from the cloned repository at /tmp/<source-cli> (README, entry points, API documentation).
      ◦ Boundary markers: None specified; the agent is directed to read the content directly to generate command lists and matrices.
      ◦ Capability inventory: Includes repository cloning (git clone), command execution (opencli), and code submission (git push).
      ◦ Sanitization: No explicit sanitization or validation of the external project's content is described before the agent processes it.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 30, 2026, 01:47 AM