migration-upgrader

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute standard development commands including npm install, uv add, and git tag. These are necessary for the skill's primary purpose of managing version upgrades and repository state.
  • [EXTERNAL_DOWNLOADS]: Uses npx jscodeshift and mentions ast-grep to download and execute transformation tools. This is a standard workflow for codebase migrations using well-known and trusted tooling.
  • [DYNAMIC_EXECUTION]: Provides a Python template for health checks that uses subprocess.run to execute test suites and dynamically imports the local package being migrated. This is consistent with standard development and validation practices.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests and processes project source files and configuration data, which constitutes a potential attack surface for instructions embedded in data.
    * Ingestion points: Project source code in src/ and configuration files such as package.json or requirements.txt.
    * Boundary markers: Absent; there are no specific delimiters or instructions to ignore embedded natural language commands within the processed files.
    * Capability inventory: Includes file system modification, package installation, and shell command execution via standard package managers.
    * Sanitization: Absent; the skill relies on structural AST parsing for transformations but does not include explicit sanitization of untrusted code content against natural language instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 04:23 PM
Security Audit — agent-trust-hub — migration-upgrader