prepare-migration
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Phase 4 scans the source site's CSS and HTML files for font references and downloads them to a local assets directory. This behavior is a documented part of the migration process to ensure the resulting site has all necessary font files available locally.
- [COMMAND_EXECUTION]: The skill uses a tool to invoke other specific components within the Adobe migration suite (stardust:extract, stardust:direct, and stardust:prototype). These calls are structured with specific arguments and require user confirmation gates between phases.
- [PROMPT_INJECTION]: The skill processes untrusted external data (CSS and HTML from the site being migrated) to identify asset URLs. While this represents a surface for indirect prompt injection, the skill implements a 'provenance guard' that validates page records against live-render evidence before advancing, which mitigates the risk of processing synthesized or malicious data.
Audit Metadata