data-contract-migrations

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a workflow for ingesting and processing untrusted external data, creating a surface for indirect prompt injection.\n
  • Ingestion points: The skill requests "Current schema, models, serializers, API contracts, and persisted samples" in the Preflight section of SKILL.md.\n
  • Boundary markers: No specific delimiters or instructions to ignore commands within the ingested data are defined in SKILL.md.\n
  • Capability inventory: The skill instructions direct the agent to generate executable "migration_strategy", "rollback_or_recovery", and "test_commands" as part of its output (SKILL.md).\n
  • Sanitization: There are no requirements or logic provided for the validation or sanitization of the input data before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 11:20 AM
Security Audit — agent-trust-hub — data-contract-migrations