repo-migration
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability by ingesting and processing untrusted data from external repositories.
  - Ingestion points: All files, directory structures, and metadata in the source repository being migrated (SKILL.md).
  - Boundary markers: Absent; there are no instructions provided to distinguish between the skill's logic and data-driven instructions in the repository.
  - Capability inventory: File system manipulation (move, rename, write), git status operations, and execution of repository-local tests and commands (SKILL.md, repository-contract.md).
  - Sanitization: Absent; the content and commands found within the source repository are used without explicit validation or sanitization.
- [PROMPT_INJECTION]: The agent is instructed to use files such as 'configs/agent-stack.yaml' and 'configs/capabilities.yaml' found within the processed repository as the source of truth for available skills and capabilities, which could allow a malicious repository to influence agent behavior (repository-contract.md).
- [COMMAND_EXECUTION]: The skill directs the agent to execute 'repository structure checks and tests', 'smoke-test commands', and 'document conversion commands' defined in the source files, creating a potential path for the execution of arbitrary code provided by an untrusted source (SKILL.md, output-contracts.md, repository-contract.md).