Migrate Eval
============

Status: failed
Score: 81/100
Risk: high
Decision: do_not_auto_install
Policy: block
Reason: Permission surface: shell or command execution, filesystem or document access

Install:
npx skills add golang-migrate/migrate

Required checks:
- PASS Task fit: Task wording matches this skill metadata.
- PASS Install path: Install handoff is available.
- PASS Install command safety: standard package or runtime install path
- PASS Trust score: Good trust signals with a few areas worth checking before rollout.
- WARN Audit score: Needs review
- WARN Agent safety gate: Sparse or mixed signals. Useful for discovery, but not for autonomous installation.
- WARN License clarity: Unknown
- FAIL Permission surface: shell or command execution, filesystem or document access

Warnings:
- Audit score: Needs review
- Agent safety gate: Sparse or mixed signals. Useful for discovery, but not for autonomous installation.
- README/SKILL.md completeness: Public metadata needs stronger README/SKILL.md context
- License clarity: Unknown
- Recent maintenance: 3mo since push
- High-risk permission hints: Shell or command execution
- License is unclear
- Permission surface may require sandboxing
- Permission surface needs review: shell or command execution, filesystem or document access
- Permission surface: shell or command execution, filesystem or document access

Validation plan:
1. Inspect repository, README/SKILL.md, license, and recent commits before production use.
2. Install in an isolated workspace or sandbox with no production secrets available.
3. Run the smallest representative task and record files touched, commands run, network access, and outputs.
4. Compare the selected skill against at least one alternative when the eval status is review or failed.
5. Promote only after the agent reports a successful verification result and unresolved warnings are accepted.

Do not use when:
- teams that need a vendor-supported SLA
- high-compliance environments without internal security review
- No major risk signals from current metadata
- High-risk permission hints: Shell or command execution
- License is unclear
- Permission surface may require sandboxing
- Permission surface needs review: shell or command execution, filesystem or document access
- License clarity: Unknown

URLs:
- Skill: https://www.openagentskill.com/skills/golang-migrate-migrate
- Audit: https://www.openagentskill.com/skills/golang-migrate-migrate/audit
- JSON: https://www.openagentskill.com/api/agent/evals?slug=golang-migrate-migrate