Migrate
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands using the
bunruntime to run classification and approval scripts (MigrateScan.ts,MigrateApprove.ts). - [COMMAND_EXECUTION]: Initiates a background network request to
localhost:31337usingcurlfor status notifications. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to ingest and process untrusted external content (e.g., Cursor rules, journal dumps, stdin) that could contain malicious instructions.
- Ingestion points: Processes data from arbitrary file paths, directory recursion, and stdin via the
MigrateScan.tstool. - Boundary markers: Implements provenance tracking by wrapping committed content in HTML comments noting the source file, section, and timestamp.
- Capability inventory: Has the ability to read arbitrary user files and write to system-critical agent files such as
memory/feedback_*.md(rules) andUSER/PRINCIPAL_IDENTITY.md. - Sanitization: Employs a tiered confidence system (≥70% auto-approve; 40-70% confirm; <40% walk-through) and explicitly prevents bulk-approval of 'UNCLEAR' chunks to ensure human oversight of high-risk or ambiguous content.
Audit Metadata