contentful-migration

Warn

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection (the !command syntax) in SKILL.md to execute shell commands automatically when the skill is loaded. Specifically, it runs ls migrations/ and a grep over local environment files to verify setup. It also enables execution of Contentful CLI operations via npx.
  • [DATA_EXFILTRATION]: The automated grep command in SKILL.md targets sensitive local files such as .env and .env.local. Although the command pipes through a sed filter to mask secret values in the output passed to the prompt, the command itself has raw read access to those files.
  • [REMOTE_CODE_EXECUTION]: The skill is designed to have the agent write TypeScript migration scripts to the migrations/ directory and execute them. These scripts have broad capabilities, including performing arbitrary actions within the migration context and accessing Contentful management tokens.
  • [EXTERNAL_DOWNLOADS]: The documentation suggests installing contentful-migration and contentful-cli from the npm registry. These are official tools provided by the vendor (Contentful) and are considered safe for the skill's intended purpose.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes external data from Contentful API responses and handles agent-generated migration code.
  • Ingestion points: Migration scripts stored in migrations/** and data retrieved from the Contentful Management API via context.makeRequest.
  • Boundary markers: Absent; the skill does not define specific delimiters or instructions to prevent the agent from obeying commands that might be embedded in the data it processes.
  • Capability inventory: The skill allows for command execution via npx, file system interaction for managing migration files, and network communication with the Contentful API.
  • Sanitization: Not mentioned; there is no specified validation or sanitization for data fetched from external sources before it is used to influence the migration process.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 12, 2026, 01:36 PM