skills/jeremylongshore/claude-code-plugins-plus-skills/guidewire-migration-deep-dive/Gen Agent Trust Hub
guidewire-migration-deep-dive
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a guide for Guidewire migrations and does not exhibit malicious behavior.
- [COMMAND_EXECUTION]: The skill requests permissions for
Bash(curl:*)andBash(gradle:*). These tools are standard for enterprise software migrations involving cloud APIs and build systems. No arbitrary or high-risk command execution was detected. - [DATA_EXFILTRATION]: The migration logic described in the implementation guide handles sensitive customer data (PII). The provided code examples demonstrate best practices such as PII encryption and record validation. There is no evidence of unauthorized data transfer or hardcoded credentials.
- [INDIRECT_PROMPT_INJECTION]: The skill defines a surface for processing untrusted data (legacy database records) using powerful tools (Bash, Write). While no malicious injection was found, the capability to read external data and execute commands represents a standard risk surface for migration-focused agents. The skill explicitly mentions data validation and sanitization steps.
Audit Metadata