code-migration
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard shell utilities (`find`, `grep`, `wc`) for codebase analysis and Node.js package managers (`npm`, `npx`) for managing dependencies and verifying migrations through tests and build processes. These operations are appropriate and expected for a code migration tool.
- [INDIRECT_PROMPT_INJECTION]: The skill processes potentially untrusted content from the user's local codebase, which could contain instructions designed to manipulate agent behavior during the migration process.
  - Ingestion points: Analyzes source files and project structures using `find`, `grep`, and file-reading operations during migration steps (SKILL.md).
  - Boundary markers: The instructions do not specify the use of delimiters or specific warnings to ignore embedded instructions within the files being migrated.
  - Capability inventory: The skill executes commands such as `npm install`, `npm test`, and `npm run build` after processing codebase files (SKILL.md).
  - Sanitization: No explicit sanitization or content validation is performed on the ingested code before it is processed or used to trigger build/test cycles.
Audit Metadata