agent-import

Warn

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/download.py script fetches a migration bundle from https://sc-agent-migration.fly.dev. This represents a remote data download from the vendor's relay service.
  • [REMOTE_CODE_EXECUTION]: In Step 3f of SKILL.md, the agent is instructed to read task descriptions from the untrusted tasks.json file in the downloaded bundle, synthesize run.py Python scripts from those descriptions, and execute them using bash. This pattern allows the content of the migration bundle to define and run arbitrary code on the agent's system.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the migration bundle into the agent's memory and identity. Ingestion points: migration/memory/agent.json, migration/memory/user.json, migration/identity/soul.md. Boundary markers: None identified. Capability inventory: scheduled_task, bash, memory, user_settings. Sanitization: None identified. This creates a surface for indirect prompt injection where instructions in the bundle could manipulate agent behavior.
  • [COMMAND_EXECUTION]: The skill uses cp -r migration/files/* . to transfer files from the bundle into the workspace. Although download.py includes path traversal protection, this broad copy operation could overwrite critical workspace files if the bundle contains conflicting filenames.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 24, 2026, 01:20 PM