contentful-migration

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection (shell commands executed at load time) to verify the environment setup.
      • Evidence: ls migrations/ is used to list existing migration files for the agent.
      • Evidence: grep -h CONTENTFUL .env .env.local ... | sed 's/=.*/=<set>/' is used to check for the existence of required configuration variables. The command explicitly includes a sed filter to ensure that actual secrets are never exposed to the agent or the logs, showing a security-conscious implementation.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of migration scripts using npx contentful space migration. This is the standard and recommended method for using the vendor's official CLI tools.
  • [DATA_EXFILTRATION]: The migration environment provides a context.makeRequest utility for interacting with the Contentful Management API. While this allows for programmatic data access and modification, it is the primary intended purpose of the migration library and is restricted to the user's authenticated space.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it reads and processes migration scripts from the local migrations/ directory.
      • Ingestion points: TypeScript files located in the migrations/ path.
      • Boundary markers: None; the scripts are executed as code by the Contentful CLI.
      • Capability inventory: The skill can execute shell commands (npx), perform network operations via makeRequest, and modify the remote Contentful schema.
      • Sanitization: No sanitization is performed on the migration scripts as they are intended to be executable developer-authored code.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 08:48 PM
Security Audit — agent-trust-hub — contentful-migration