dmr-from-django-ninja
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute repository-native CI scripts, official script entrypoints, and test suites (Step 11 and 12). This involves running shell commands defined by the target project's environment to validate the migration results.
- [PROMPT_INJECTION]: The skill processes untrusted content from the codebase (such as API definitions, docstrings, and tests) while possessing execution capabilities, creating a surface for indirect prompt injection.
- Ingestion points: Project source code, URL wiring, API schemas, and test fixtures across several files (Step 1, Step 3, Step 10).
- Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions embedded in the project files during analysis.
- Capability inventory: Includes execution of shell commands/CI scripts (Step 11) and extensive file system modifications (Step 5-8).
- Sanitization: There is no mention of sanitizing or validating the contents of the project files before they are processed by the agent.
- [EXTERNAL_DOWNLOADS]: Fetches documentation from the vendor's official documentation site on ReadTheDocs to guide the migration process.
Audit Metadata