app-platform-migration
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs architecture analysis by reading configuration files from a user's repository (e.g.,
package.json,Procfile,docker-compose.yml). The Python scripts responsible for this analysis (detect_platform.py,analyze_architecture.py) use safe parsing methods such asjson.loadsandyaml.safe_loadto mitigate risks associated with untrusted data. - [SAFE]: Credential management follows security best practices. The skill uses environment variable bindings (e.g.,
${db.DATABASE_URL}) and placeholders (e.g.,SECRET_KEY,API_KEY) for sensitive information, providing clear instructions for users to manage actual secrets via secure platform features like GitHub Secrets. - [SAFE]: Remote resources referenced in documentation and scripts point to official DigitalOcean documentation or use standard technology company domains (e.g.,
digitaloceanspaces.com). No suspicious external downloads or remote code execution patterns were identified. - [SAFE]: The migration scripts are implemented as standalone Python tools that do not require administrative privileges, perform network exfiltration, or attempt to establish persistence on the host system.
Audit Metadata