modernize-ui5-app
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various CLI tools including Maven (mvn), npm, and npx, as well as local Node.js scripts, to perform analysis, builds, and test runs. These operations are necessary for modernization but represent high-privilege interactions with the local environment.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted project files (JavaScript, XML, and JSON) to drive modernization steps. \n
- Ingestion points: Target UI5 project source files (JS, XML, JSON).\n
- Boundary markers: No delimiters or 'ignore' instructions are used to separate untrusted project content from agent instructions.\n
- Capability inventory: High-privilege file writes and shell command execution based on analyzed content.\n
- Sanitization: Input project content is not sanitized before being used to determine modernization strategies or interpolate into prompts.\n- [EXTERNAL_DOWNLOADS]: Fetches modernization tools (like @ui5/linter) and project dependencies from the official npm registry, which is a well-known service.
Audit Metadata