project-migration
Fail
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions include high-privilege commands, specifically `sudo rm -rf ~/.devcontainer-state`, which poses a risk of unauthorized or accidental data deletion.
- [DATA_EXFILTRATION]: The configuration requirements include mounting sensitive host directories (`~/.ssh` and `~/.aws`) directly into the development container, creating a significant risk of credential exposure or theft.
- [EXTERNAL_DOWNLOADS]: The skill fetches configuration state and blueprints from external GitHub repositories such as `git@github.com:loxosceles/devcontainer-state.git` and `loxosceles/project-blueprints`.
- [REMOTE_CODE_EXECUTION]: The skill uses `npx` to dynamically download and execute skills and tools (e.g., `npx skills add loxosceles/ai-dev`) during the migration process.
- [PROMPT_INJECTION]: The skill processes existing, potentially untrusted project files, establishing an indirect prompt injection surface.
- Ingestion points: The agent reads and audits existing project files, including `.devcontainer/` configs, linting files, and `package.json` (SKILL.md).
- Boundary markers: None identified; instructions do not include delimiters or warnings to ignore malicious content within project files.
- Capability inventory: The skill has extensive shell execution capabilities including `git`, `mkdir`, `npx`, and `pnpm`, as well as the ability to modify project structure (SKILL.md).
- Sanitization: No validation or sanitization of existing project content is specified before processing.
Recommendations
- AI detected serious security threats
Audit Metadata