codebase-migrate
Fail
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation includes an installation command for the Composio CLI: `curl -fsSL https://composio.dev/install | bash`. This fetches and executes a script from the vendor's domain to set up the necessary environment.
- [COMMAND_EXECUTION]: The agent is instructed to perform various shell-based tasks including repository searches (`rg`), local code transformations using AST-based tools, and Git operations such as branching, committing, and pushing code.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection (Category 8) as it programmatically reads and modifies files from the user's codebase.
  - Ingestion points: Local source files identified through search patterns and passed to refactoring tools (e.g., `jscodeshift`).
  - Boundary markers: The instructions do not define specific delimiters or security warnings to prevent the agent from obeying instructions embedded in the code being refactored.
  - Capability inventory: The skill allows for file modification, execution of local build/test tools, and interaction with remote repository hosting and project management services.
  - Sanitization: There is no explicit logic described for sanitizing content retrieved from local files before processing or committing it.
Recommendations
- HIGH: Downloads and executes remote code from: https://composio.dev/install - DO NOT USE without thorough review
Audit Metadata