claude-opus-4-5-migration
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to instructions embedded in the data it processes.
- Ingestion points: The migration workflow requires the agent to search and read the user's entire codebase, including prompt files and API call configurations (SKILL.md).
- Boundary markers: There are no instructions provided to the agent to treat the content of the files being read as untrusted data or to ignore embedded instructions within those files.
- Capability inventory: The skill has broad write capabilities, including modifying model strings, deleting code (beta headers), and injecting new logic/parameters across the filesystem.
- Sanitization: No sanitization or validation logic is defined to prevent the agent from executing instructions found within the code it is supposed to be migrating.
- [Unverifiable Dependencies] (MEDIUM): The skill relies on external reference files (references/effort.md, references/prompt-snippets.md) that are not provided in the primary skill file. These files contain the actual code snippets that the agent will inject into the user's codebase, and their contents cannot be verified for safety.
Recommendations
- AI detected serious security threats
Audit Metadata