Skills
skills/midudev/autoskills/migrate-to-vinext/Gen Agent Trust Hub

migrate-to-vinext

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires running package managers (npm, pnpm, yarn, bun) and project-specific CLIs like vinext and wrangler to analyze, migrate, and deploy projects.
  • [EXTERNAL_DOWNLOADS]: Downloads various development dependencies from the npm registry, including the vinext framework, Vite, and specialized plugins like @vitejs/plugin-rsc and nitro.
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified through the ingestion of project files. Evidence: 1. Ingestion points: package.json, lockfiles, and configuration files (e.g., next.config.js) in SKILL.md. 2. Boundary markers: absent. 3. Capability inventory: shell command execution (npx, npm) and file system writes (renaming config files). 4. Sanitization: absent. This surface is inherent to the skill's migration purpose and no malicious usage was detected.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 10:26 AM