Skills
skills/cartodb/agent-skills/carto-arcgis-migration/Gen Agent Trust Hub

carto-arcgis-migration

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill automates the migration process by generating and executing shell commands for the carto CLI and curl utility. These commands use metadata such as item IDs, titles, and URLs ingested from ArcGIS Portals to perform operations like data imports and map creation.
  • [REMOTE_CODE_EXECUTION]: The skill translates ArcGIS Arcade expressions into SQL for the CARTO Workspace. To ensure safety, it implements a restrictive subset of the Arcade language and uses the sqlglot library to validate generated SQL against specific database dialects before execution.
  • [DATA_EXFILTRATION]: The skill performs data movement from ArcGIS Portals to the CARTO Workspace. It interacts with ArcGIS REST APIs to enumerate and extract content and uploads map assets (markers) to the CARTO Workspace via authenticated HTTP requests. Authentication is managed through environment variables and the CARTO CLI's local credentials.
  • [PROMPT_INJECTION]: The skill processes metadata and payloads from ArcGIS Portals as part of the translation process. It implements structural parsing and programmatic mapping of this data to CARTO configurations, which limits the influence of external content on the agent's runtime instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 10:02 PM
Security Audit — agent-trust-hub — carto-arcgis-migration