Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/migrating-apis/Gen Agent Trust Hub

migrating-apis

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a specialized CLI tool pattern api:migrate-* via the Bash tool to generate code scaffolding and manage migration tasks.
  • [PROMPT_INJECTION]: The skill processes untrusted data in the form of API specifications, which creates an indirect prompt injection surface. (1) Ingestion points: The agent reads files from the {baseDir}/api-specs/ directory. (2) Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following instructions embedded within the specification files. (3) Capability inventory: The skill possesses significant capabilities including Write, Edit, and Bash(api:migrate-*) which could be targeted by an injection attack. (4) Sanitization: No validation or sanitization steps are defined for the input specifications.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 11:57 PM