migration-sweep
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes
grepvia theBashtool to scan the project directories (src/,tests/,e2e/,python_backend/) for specific string patterns. This is limited to read-only search operations and is standard for code-analysis tasks. - [PROMPT_INJECTION]: The skill processes content from the codebase which could contain indirect prompt injections designed to influence the agent during the extraction and reporting phase.
- Ingestion points: Reads files with
.ts,.tsx, and.pyextensions in multiple project subdirectories viagrepandReadtools. - Boundary markers: Missing; the agent extracts metadata and descriptions directly from comments following the
TODO(migration)pattern without specific delimiters to isolate potential instructions from data. - Capability inventory: Includes
Read,Grep,Glob, andBashfor file system interaction and command execution. - Sanitization: The skill includes an explicit safety instruction ('Never: Automatically delete') that requires human confirmation before any code changes are made, which serves as a significant mitigation against the impact of potential malicious instructions.
Audit Metadata