commerce-app-migrate

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The executor agent performs multiple shell operations including branch management via git, dependency installation via npm/yarn/pnpm/bun, and execution of a project-specific CLI utility (@adobe/aio-commerce-lib-app). These commands are necessary for the migration workflow.
  • [COMMAND_EXECUTION]: The skill performs dynamic script generation by refactoring existing JavaScript installation scripts into a new format. This involves wrapping existing logic with the defineCustomInstallationStep wrapper and updating environment variable access patterns to align with the new App Management architecture.
  • [EXTERNAL_DOWNLOADS]: The skill installs several Node.js packages (@adobe/aio-commerce-lib-app, @adobe/aio-commerce-sdk, @adobe/aio-commerce-lib-config) from the official npm registry. These packages are owned by Adobe, the verified vendor of the skill.
  • [REMOTE_CODE_EXECUTION]: The skill executes code from the downloaded @adobe/aio-commerce-lib-app package using the 'generate all' command to create project-specific source files. This execution is gated by a user confirmation step and uses trusted vendor software.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it ingests untrusted project files to influence configuration and code generation.
    • Ingestion points: Reads project files including app.config.yaml, package.json, and various onboarding scripts via the analyzer agent.
    • Boundary markers: The skill implements an orchestrator protocol ([await]) and explicitly presents the generated configuration for user review before any execution takes place.
    • Capability inventory: The skill has capabilities for filesystem writes, git operations, and shell command execution via the executor agent.
    • Sanitization: Basic normalization is applied to metadata fields (id, displayName) derived from package.json and extension-manifest.json.
  • [CREDENTIALS_UNSAFE]: The analyzer agent identifies authentication modes by scanning environment variable keys. It uses a specific shell command (grep and sed) to ensure only keys are extracted from .env files, preventing actual secret values from being read into the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 12:44 PM