documenso-migration-deep-dive

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a rollback procedure (scripts/rollback-migration.sh) that executes shell commands using curl to interact with a feature flag API and jq to verify application health.
  • [COMMAND_EXECUTION]: The pre-migration assessment phase uses grep to scan the project's src/ directory to identify existing integration points for legacy signing services.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
      • Ingestion points: The analyzeCodebase function in scripts/analyze-current-system.ts ingests untrusted text from the local source code via grep.
      • Boundary markers: Absent. Output from the codebase scan is directly used to populate the MigrationAssessment object.
      • Capability inventory: The skill has permissions for Read, Write, Edit, and Bash (npm/node), which allow it to modify project configuration and perform network operations.
      • Sanitization: Absent. The skill assumes the local codebase is a trusted source for generating migration metrics and plans.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 27, 2026, 11:20 AM