migrate-to-teamcity
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions and reference materials include command-line examples for the teamcity tool and shell commands that use sudo for system-level tasks like installing the Go toolchain (e.g., in references/gotchas.md).
- [EXTERNAL_DOWNLOADS]: The documentation references downloading resources from well-known external domains including go.dev and codecov.io.
- [REMOTE_CODE_EXECUTION]: The migration mappings suggest executing remote scripts from well-known services, such as using curl | bash for GoReleaser (in references/mappings.md).
- [PROMPT_INJECTION]: The skill processes untrusted local CI/CD configuration files from GitHub Actions and Bamboo, which presents a surface for indirect prompt injection.
- Ingestion points:
teamcity migratescans.github/workflows/andbamboo-specs/. - Boundary markers: None specified.
- Capability inventory: Includes the
teamcityCLI and shell script generation/execution. - Sanitization: No explicit sanitization of the input file content is documented.
Audit Metadata