Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/migrating-apis/Gen Agent Trust Hub

migrating-apis

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and acting upon external API specification files.
  • Ingestion points: API specifications are read from the ${CLAUDE_SKILL_DIR}/api-specs/ directory using the Read tool as described in references/implementation.md.
  • Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are implemented when interpolating data from these specifications into the agent's migration tasks.
  • Capability inventory: The agent possesses the capability to Write and Edit files, and can execute specialized shell commands via the restricted Bash(api:migrate-*) tool.
  • Sanitization: No explicit semantic validation or sanitization of the content within the external API specifications is defined before the agent processes the data to generate adapters or routing logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 11:38 AM