python-package-migrator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses an attack surface for indirect prompt injection by processing untrusted project data to influence agent actions.
  - Ingestion points: The skill reads files within the user-provided `project_path` such as `requirements.txt` or `pyproject.toml` (as specified in SKILL.md).
  - Boundary markers: Absent. There are no instructions provided to the agent to treat the content of these files as untrusted or to use delimiters.
  - Capability inventory: The skill description explicitly mentions the ability to 'execute upgrades,' which implies the use of shell commands or subprocesses for package managers like `pip` or `poetry`.
  - Sanitization: No sanitization or validation logic is defined for the external data ingested.
- [No Code] (SAFE): The provided files (SKILL.md and skill.yaml) contain only metadata and natural language instructions. No Python scripts, binaries, or configuration files that could be executed at runtime are present.
Audit Metadata