valohai-migrate-data

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface. The skill directs the agent to scan project files, including READMEs and documentation, to find default values and data paths for migration. This creates an attack surface where an attacker could place malicious instructions in project documentation to influence the agent's actions during the migration process.
  • Ingestion points: Project README, README.md, documentation files, and source code files.
  • Boundary markers: Absent. No specific instructions are provided to the agent to ignore or delimit instructions found within the project documentation.
  • Capability inventory: The agent is guided to perform file modifications and execute CLI commands such as 'vh lint' and 'vh execution run'.
  • Sanitization: Absent. The skill does not suggest any validation or filtering of the information retrieved from documentation files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 09:48 AM