code-migration
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill serves as a code analysis tool that ingests untrusted source code, which creates a surface for indirect prompt injection.
  - Ingestion points: The codebase directory processed in `scripts/analyze-migration.sh` and the source API data structures defined in `SKILL.md`.
  - Boundary markers: Absent; no delimiters or instructions to ignore embedded prompts are implemented in the analysis logic.
  - Capability inventory: Shell script execution (`find`, `wc`, `cat`), file system enumeration, and result logging to local files.
  - Sanitization: No sanitization, escaping, or content filtering is applied to the source files during ingestion or processing.
- [COMMAND_EXECUTION]: The skill includes a bash script (`scripts/analyze-migration.sh`) that executes file system commands and generates reports. While its current operations are benign simulations, it establishes a pattern of executing local commands on user-specified directories.
Audit Metadata