Migrate
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the bun runtime to execute local TypeScript tools (MigrateScan.ts and MigrateApprove.ts) located at ~/.claude/PAI/TOOLS/. These scripts are used for content classification and data commitment.
- [COMMAND_EXECUTION]: A curl command is used to send a POST request to localhost:31337. This network operation is restricted to the local loopback interface and is intended for user notifications.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it ingests untrusted data from external files and standard input.
- Ingestion points: External .md, .txt, and .cursorrules files, as well as piped standard input (Phase 1, SKILL.md).
- Boundary markers: Explicit markers or instructions to ignore embedded commands are absent in the skill instructions.
- Capability inventory: The skill can write to the local file system (TELOS/MEMORY directories) and execute local scripts via bun (Phase 4, SKILL.md).
- Sanitization: No explicit sanitization or filtering of external content is described.
- Mitigation: The risk is significantly mitigated by a mandatory human-in-the-loop approval process (Phase 4), which requires users to review and approve classifications before any data is committed to the system.
Audit Metadata