legacy-modernizer

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its core function of analyzing external, untrusted codebases.
      • Ingestion points: The LegacyCodeAnalyzer in references/system-assessment.md reads and processes the contents of all files in a target directory.
      • Boundary markers: There are no explicit markers or 'ignore embedded instructions' warnings applied to the data being read from the legacy files.
      • Capability inventory: The skill uses ast.parse and file reads for assessment, subprocess.run for git logging, and httpx for network proxying during framework migration.
      • Sanitization: The assessment scripts use structured parsing (AST) rather than execution, and command-line operations use list-based arguments to prevent shell injection, minimizing the risk of the agent being tricked by malicious file content or names.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 01:10 AM