ln-830-code-modernization-coordinator
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch missing scripts and reference files from the author's public GitHub repository (
github.com/levnikolaevich/claude-code-skills) using the WebFetch tool. This is a maintenance mechanism for the skill's own dependencies. - [COMMAND_EXECUTION]: The skill executes a local Node.js CLI utility (
node shared/scripts/modernization-runtime/cli.mjs) to manage the modernization runtime environment, record progress checkpoints, and aggregate results. These commands are integral to the skill's primary coordination function. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) as it processes external data from audit reports and worker-generated JSON summaries.
- Ingestion points: Reads project audit reports and machine-readable JSON summaries from child workers.
- Boundary markers: None explicitly defined in the prompt instructions to isolate embedded instructions in the audit reports.
- Capability inventory: File system writes, shell execution via Node.js, and network access via WebFetch.
- Sanitization: No explicit sanitization or validation steps are mentioned for the text-based audit reports before they are processed by the agent.
Audit Metadata