migrate-create
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation references npx @claude-flow/cli@latest, which fetches the vendor's command-line interface from the NPM registry.
- [REMOTE_CODE_EXECUTION]: The use of npx is suggested for executing vendor-provided tools from a remote registry, which is consistent with the skill's intended development workflow.
- [COMMAND_EXECUTION]: The skill includes shell command examples for manual interaction with the migration memory store.
- [PROMPT_INJECTION]: The skill has an indirect injection surface where user-supplied migration names and external memory search results are used to generate SQL file content.
- Ingestion points: The argument and output from the agentdb_pattern-search tool.
- Boundary markers: None.
- Capability inventory: File writing, globbing, and bash execution via allowed tools.
- Sanitization: Not explicitly implemented in the provided templates.
Audit Metadata