data-migration-expert
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists entirely of instructional text and Markdown documentation. It does not include any scripts, binaries, or automated tasks.
- [SAFE]: No external network requests, data exfiltration patterns, or hardcoded credentials were detected.
- [PROMPT_INJECTION]: The skill processes external data (pull request diffs), which is a surface for indirect prompt injection. However, it lacks tool-based capabilities to act on malicious instructions.
- Ingestion points: Processes pull request content and migration scripts provided by users in the chat context.
- Boundary markers: No explicit delimiters or boundary markers are defined in the instructions to separate untrusted data.
- Capability inventory: The skill has no active capabilities, subprocess calls, or file system access.
- Sanitization: No input sanitization or validation logic is present.
Audit Metadata