data-contract-migrations
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow for ingesting and processing untrusted external data, creating a surface for indirect prompt injection.\n
- Ingestion points: The skill requests "Current schema, models, serializers, API contracts, and persisted samples" in the Preflight section of SKILL.md.\n
- Boundary markers: No specific delimiters or instructions to ignore commands within the ingested data are defined in SKILL.md.\n
- Capability inventory: The skill instructions direct the agent to generate executable "migration_strategy", "rollback_or_recovery", and "test_commands" as part of its output (SKILL.md).\n
- Sanitization: There are no requirements or logic provided for the validation or sanitization of the input data before it is processed by the agent.
Audit Metadata