code-migrator
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform standard developer tasks such as installing project dependencies via pip and npm and running validation test suites with pytest. These operations are necessary for the skill's primary purpose of ensuring migration correctness.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it reads and processes untrusted source code from the user's project. This risk is effectively addressed by the instructions' focus on manual review for high-risk code segments and the use of automated testing to catch unintended logic changes.
- [INGESTION_POINTS]: User source files read during the migration process (SKILL.md).
- [BOUNDARY_MARKERS]: None explicitly defined in the prompt templates.
- [CAPABILITY_INVENTORY]: Bash (for package installation and testing), Edit, and Write (for code transformation).
- [SANITIZATION]: The skill relies on human-in-the-loop review and automated test validation rather than automated content sanitization.
Audit Metadata