Skills
skills/autumnsgrove/groveengine/goose-migrate/Gen Agent Trust Hub

goose-migrate

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes gh issue list to read issue data from GitHub and gw todo to deposit tasks into Todoist. These commands are essential to the skill's primary function and are executed within a transparent, user-guided workflow.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input from GitHub issue titles and descriptions to generate Todoist tasks. The potential risk of instruction injection via external content is mitigated by the mandatory user review step (Phase 4: DRAFT), which requires explicit user approval before the migration proceeds.
  • [DYNAMIC_EXECUTION]: In Phase 5, the skill generates a temporary JSON file to facilitate batch task creation. This runtime data generation uses standard shell patterns and is used exclusively for organizing the migration data prior to task creation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 02:20 AM