ln-830-code-modernization-coordinator
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches configuration and script files from the author's GitHub repository (https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}) if they are not found in the local environment.
- [COMMAND_EXECUTION]: Executes Node.js scripts using a CLI tool (cli.mjs) to manage modernization phases and worker state.
- [PROMPT_INJECTION]: The skill processes untrusted external data such as audit reports and project configuration files, creating a surface for indirect prompt injection.
- Ingestion points: Audit reports, project configuration files (e.g., package.json, requirements.txt), and remote files fetched via GitHub.
- Boundary markers: The skill requires machine-readable JSON for worker results, but lacks explicit delimiters for instructions within prose inputs like audit reports.
- Capability inventory: File system access within the .hex-skills directory, execution of Node.js scripts, and delegation to other agent skills.
- Sanitization: No validation or sanitization of input data is specified in the skill instructions.
Audit Metadata