django-safe-migration

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to run shell commands based on configuration found in the project's root files. The SKILL.md file explicitly instructs the agent to: "Run <migration_command> <app_label> <migration_name> to get the actual SQL Django will execute. Always do this — the generated SQL is the ground truth." This creates a direct path for arbitrary shell execution if the Migration command key in CLAUDE.md or AGENTS.md is maliciously configured (e.g., to a script that exfiltrates data or installs malware).
  • [PROMPT_INJECTION]: The skill relies on untrusted data from the local file system (CLAUDE.md or AGENTS.md) to define its execution parameters. This is an indirect prompt injection surface (Category 8) because the agent ingests this configuration and uses it to interpolate shell commands without sanitization, validation, or boundary markers to prevent command injection or execution of malicious payloads.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 10:42 AM
Security Audit — agent-trust-hub — django-safe-migration