Create database migration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill instructions in SKILL.md direct the agent to execute shell commands including 'slimer migration' and 'yarn knex-migrator'. This creates a capability for command execution that could be exploited if an agent is directed by an untrusted user to include malicious arguments in migration names or version parameters.
- INDIRECT_PROMPT_INJECTION (LOW): The skill exhibits an attack surface for indirect injection where user requests influence system-level operations.
  - Ingestion points: User-specified migration names and schema modification details (SKILL.md, steps 2 and 4).
  - Boundary markers: The instructions include process-level constraints (e.g., 'IMPORTANT: do not create the migration file manually'), but there are no technical delimiters used to separate user data from shell commands.
  - Capability inventory: The skill allows for local command execution (slimer, yarn) and file modifications (SKILL.md, steps 2, 4, 5, 6, 7, 8, 9).
  - Sanitization: No explicit sanitization or input validation logic for user-provided strings is defined within the skill files.
Audit Metadata