migrate
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The migration workflow is vulnerable to indirect prompt injection because it processes untrusted data from external sources to influence high-privilege actions.
  - Ingestion points: Phase 1 (oracle) researches migration targets and guides from external, potentially attacker-controlled sources; Phase 2 (phoenix) reads existing codebase files.
  - Boundary markers: Absent. The prompts for the implementer and planner agents do not use delimiters or boundary markers to isolate instructions from the external research data.
  - Capability inventory: Phase 4 (kraken) writes code changes to the filesystem and executes commands to run tests.
  - Sanitization: Absent. There is no validation or sanitization step to verify that the migration plan or research results do not contain malicious instructions before they are processed by the implementer agent.
- [COMMAND_EXECUTION]: The skill requires the execution of commands in the local environment to facilitate the migration process.
  - Evidence: The kraken agent in Phase 4 is explicitly instructed to 'Run tests after each change', which involves executing codebase-specific commands.