legacy-modernization

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE

COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The codebase assessment script in references/system-assessment.md utilizes subprocess.run to execute git log. This functionality is restricted to identifying frequently modified files (hotspots) in the codebase being analyzed, which is a standard part of the modernization assessment workflow.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze external codebases, which presents an attack surface for indirect prompt injection.
    • Ingestion points: The LegacyCodeAnalyzer class in references/system-assessment.md reads and parses Python files from a user-specified directory.
    • Boundary markers: None identified in the provided implementation.
    • Capability inventory: Static analysis via ast.parse and git command execution via subprocess.run.
    • Sanitization: The skill uses standard Python libraries for parsing but does not implement explicit sanitization or filtering of the content within the analyzed files.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 03:37 PM
Security Audit — agent-trust-hub — legacy-modernization