django-safe-migration
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to run shell commands based on configuration found in the project's root files. The
SKILL.mdfile explicitly instructs the agent to: "Run <migration_command> <app_label> <migration_name> to get the actual SQL Django will execute. Always do this — the generated SQL is the ground truth." This creates a direct path for arbitrary shell execution if theMigration commandkey inCLAUDE.mdorAGENTS.mdis maliciously configured (e.g., to a script that exfiltrates data or installs malware). - [PROMPT_INJECTION]: The skill relies on untrusted data from the local file system (
CLAUDE.mdorAGENTS.md) to define its execution parameters. This is an indirect prompt injection surface (Category 8) because the agent ingests this configuration and uses it to interpolate shell commands without sanitization, validation, or boundary markers to prevent command injection or execution of malicious payloads.
Audit Metadata