skills/jeremylongshore/claude-code-plugins-plus-skills/guidewire-upgrade-migration/Gen Agent Trust Hub
guidewire-upgrade-migration
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs database and build operations using system commands such as pg_dump, psql, and ./gradlew. These operations are central to the migration task but involve the handling of sensitive database credentials via command-line arguments.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted data from project files in modules/configuration/gsrc and modules/configuration/config. It lacks boundary markers and sanitization while possessing capabilities like file writing and bash execution.
Audit Metadata