migrate-to-teamcity

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions and reference materials include command-line examples for the teamcity tool and shell commands that use sudo for system-level tasks like installing the Go toolchain (e.g., in references/gotchas.md).
  • [EXTERNAL_DOWNLOADS]: The documentation references downloading resources from well-known external domains including go.dev and codecov.io.
  • [REMOTE_CODE_EXECUTION]: The migration mappings suggest executing remote scripts from well-known services, such as using curl | bash for GoReleaser (in references/mappings.md).
  • [PROMPT_INJECTION]: The skill processes untrusted local CI/CD configuration files from GitHub Actions and Bamboo, which presents a surface for indirect prompt injection.
  • Ingestion points: teamcity migrate scans .github/workflows/ and bamboo-specs/.
  • Boundary markers: None specified.
  • Capability inventory: Includes the teamcity CLI and shell script generation/execution.
  • Sanitization: No explicit sanitization of the input file content is documented.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 08:54 AM
Security Audit — agent-trust-hub — migrate-to-teamcity