migrate-subfeatures
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script performs file system operations including copying directories and deleting legacy folders using the
shutilmodule to manage the repository migration process. - [REMOTE_CODE_EXECUTION]: The skill uses
importlib.utilto dynamically load and execute Python modules from other skill directories within the repository. This dynamic loading from computed paths is used to integrate with the project's planning and subfeature management systems. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes metadata from repository-hosted JSON files without isolation or comprehensive sanitization.
- Ingestion points: Reads JSON data from
.feature-change-meta.jsonfiles within legacy change directories (e.g., inscripts/migrate_subfeatures.py). - Boundary markers: None identified; data is directly loaded and processed as JSON objects.
- Capability inventory: The skill has the ability to write/delete files and execute dynamic module code.
- Sanitization: Validation is restricted to basic slug format checks, with free-text fields like 'summary' and 'review_note' being accepted with only whitespace normalization.
Audit Metadata