ln-831-oss-replacer
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs automated installation of external packages via npm, pip, and dotnet based on recommendations from a migration plan.
- [COMMAND_EXECUTION]: Shell commands are utilized for package management, running test verification suites, and modifying the filesystem (deleting modules and reverting changes via git).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its ingestion of untrusted data from project documentation.
- Ingestion points: Migration plans and package names are loaded from docs/project/codebase_audit.md in Phase 1.
- Boundary markers: The workflow does not implement delimiters or explicit instructions to ignore embedded malicious content within the audit report.
- Capability inventory: The toolchain possesses the capability to download external code, execute tests, and delete files within the project.
- Sanitization: Safety checks are primarily dependent on a confidence field that is itself part of the untrusted input file.
Audit Metadata