skills/wojons/skills/code-migration/Gen Agent Trust Hub

code-migration

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary purpose is to assist developers in software migration. All provided scripts and documentation are consistent with this goal.
  • [COMMAND_EXECUTION]: The skill includes a shell script (scripts/analyze-migration.sh) and references various npm/CLI commands. These tools are used for legitimate codebase analysis such as counting file types and generating migration reports, and do not perform unauthorized or dangerous operations.
  • [DATA_EXPOSURE]: While the skill analyzes local source code, it only extracts structural metadata (e.g., file counts, component names, API signatures) for the purpose of planning upgrades. No evidence of sensitive file access (e.g., .env, SSH keys) or network exfiltration was found.
  • [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface where it processes untrusted codebase content. However, its analysis logic is focused on structural patterns and API surfaces rather than interpreting natural language instructions within the code, making the risk of indirect injection negligible in its current implementation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 4, 2026, 03:26 AM