migrate-skill-agent

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes a local bash script scripts/migrate-skill-agent.sh to perform installation and update tasks using tools like git, rsync, and cp.- [EXTERNAL_DOWNLOADS]: Downloads content from the author's GitHub repository (https://github.com/Mineru98/skills-store) using git pull to ensure the local store is up to date.- [COMMAND_EXECUTION]: The migration script implements several security controls, including validating input names with a strict regular expression (^[A-Za-z0-9][A-Za-z0-9._-]*$) and verifying that the repository's remote URL matches the authorized vendor source.- [COMMAND_EXECUTION]: The skill instructions provide explicit guidance to the agent to parse and quote arguments before passing them to the shell script, which serves as a prompt-level mitigation against command injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 11:38 PM
Security Audit — agent-trust-hub — migrate-skill-agent