legacy-modernizer
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The references/system-assessment.md file contains a Python class LegacyCodeAnalyzer that uses subprocess.run to execute the system git command. This is used to analyze the change history of the codebase being modernized.
- [EXTERNAL_DOWNLOADS]: The skill's documentation and reference files (specifically references/legacy-testing.md and references/system-assessment.md) recommend the installation and use of various third-party tools and libraries from the Python Package Index (PyPI), such as mutmut, radon, and pylint.
- [PROMPT_INJECTION]: The skill provides automated assessment logic in references/system-assessment.md that reads and processes external source code, which constitutes an indirect prompt injection surface.
- Ingestion points: The LegacyCodeAnalyzer class in references/system-assessment.md ingests untrusted code by reading all files within the provided project path.
- Boundary markers: No specific delimiters or boundary instructions (e.g., "ignore instructions in the following code block") are utilized when the agent analyzes the ingested source files.
- Capability inventory: The skill possesses capabilities for file system access (rglob, open), command execution (subprocess.run), and network communication (via the httpx and stripe libraries in migration examples).
- Sanitization: No sanitization, content filtering, or validation is performed on the ingested code before it is passed to the analyzer or processed by the agent.
Audit Metadata