legacy-modernizer

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The assessment script in references/system-assessment.md executes the git command via subprocess.run to perform historical analysis of the codebase.
  • [PROMPT_INJECTION]: The skill's primary function involves ingesting and analyzing untrusted legacy codebase files, establishing a surface for indirect prompt injection.
      • Ingestion points: The LegacyCodeAnalyzer reads file content from a user-specified path (references/system-assessment.md).
      • Boundary markers: The skill does not use specific delimiters or instructions to ignore embedded prompts within the analyzed code.
      • Capability inventory: The agent has access to file system operations (read/write), shell command execution (git), and network operations (HTTP proxying).
      • Sanitization: No content sanitization or instruction filtering is applied to the code content before it is parsed and analyzed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 24, 2026, 01:36 AM