project-migrate
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability surface as it processes untrusted external data.
- Ingestion points: The agent is instructed to read local project manifest files such as
package.json,requirements.txt, andDockerfile, as well as to navigate to user-provided test environment URLs using the Chrome MCP tool to extract validation inputs and outputs (SKILL.md,reference/golden-master-testing.md). - Boundary markers: No specific boundary markers or instructions to ignore embedded commands within the ingested files or web content are defined in the skill instructions or templates.
- Capability inventory: The skill possesses the capability to write files to the local file system (creating
discovery.md,validation.md, andplan.md) and to perform network navigation via Chrome MCP (SKILL.md). - Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from project files or external URLs before it is incorporated into the agent's context.
- [SAFE]: The data access patterns are consistent with the skill's stated purpose of documenting migrations. It specifically targets standard project metadata files for stack identification and uses local storage for resulting documentation.
Audit Metadata