ln-831-oss-replacer
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches configuration and reference files from the author's official GitHub repository (github.com/levnikolaevich/claude-code-skills) to support its migration logic when local files are missing.
- [COMMAND_EXECUTION]: Employs the Bash tool to perform package installations, update source code imports, execute test suites, and remove deprecated modules as part of its atomic keep/discard workflow.
- [REMOTE_CODE_EXECUTION]: Installs third-party open-source packages and executes them during the verification phase to confirm the compatibility of replacement modules.
- [PROMPT_INJECTION]: The skill processes external migration plans and audit reports to drive automated code modifications and package installations, creating a surface for indirect instructions.
  - Ingestion points: Reads audit reports (default docs/project/codebase_audit.md), target module source files, and remote reference documents.
  - Boundary markers: No explicit boundary markers or delimiters for untrusted data are specified in the instructions.
  - Capability inventory: High-privilege access via Bash (used for npm/pip installation, test execution, and file deletion) and WebFetch.
  - Sanitization: Relies on confidence thresholds (skipping LOW confidence) and automated test verification as validation gates before finalizing changes.
Audit Metadata