legacy-bridge
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to parse and expand legacy @load patterns found in external files like CLAUDE.md. This represents a significant indirect prompt injection surface as these patterns can trigger the loading of instructions or file system modifications via the migrate command. (1) Ingestion points: Patterns found in project files during auditing or migration. (2) Boundary markers: None identified in the provided documentation. (3) Capability inventory: Loading instructions into the agent's context and modifying the local file system. (4) Sanitization: Unverifiable as the logic resides in a missing script.
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill relies entirely on skill-loader.py for logic and execution, but this script is not included in the package. Its file system operations and handling of external inputs cannot be audited for security.
- [No Code] (INFO): This skill package contains only Markdown and YAML files; no executable code is provided for static analysis.
Recommendations
- AI detected serious security threats
Audit Metadata