prompt-migration
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to search the local filesystem for specific file types (e.g., .py, package.json) and string patterns to identify LLM integration points.\n- [EXTERNAL_DOWNLOADS]: The skill documents the use of the zeroeval library and provides examples of network-based operations to api.zeroeval.com for fetching prompt configurations and sending telemetry.\n- [DATA_EXFILTRATION]: The skill describes sending prompt metadata, trace IDs, and feedback signal to the ZeroEval backend. These operations are consistent with the skill's primary purpose of prompt lifecycle management.\n- [PROMPT_INJECTION]: The skill introduces a surface for indirect prompt injection via template variables in ze.prompt(). It provides a structured way to interpolate variables into system prompts, which requires the implementing developer to ensure proper sanitization of input data.
Audit Metadata