migrate-to-rsbuild
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions involve executing project-specific commands such as starting a development server or running a build process to verify the migration. This is the primary and intended purpose of the skill.
- [EXTERNAL_DOWNLOADS]: The skill provides links to official documentation on
rsbuild.rs. These references are used for user guidance and point to the well-known official domain of the Rsbuild build tool. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it reads and processes untrusted project files.
- Ingestion points: Reads
package.json,webpack.config.*,vite.config.*, andcraco.config.*to detect project structure. - Boundary markers: None explicitly defined in the workflow for separating data from instructions.
- Capability inventory: The agent is empowered to modify configuration files and execute shell commands (npm scripts).
- Sanitization: There is no explicit sanitization of the content read from configuration files before processing.
Audit Metadata