pelican-panel-plugins
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for executing shell-based Artisan commands to scaffold plugins and manage database migrations, which is a standard part of the Pelican development workflow.
- [COMMAND_EXECUTION]: Includes documentation for using the `EnvironmentWriterTrait` to programmatically modify the application's `.env` configuration file, allowing plugins to manage their own environment-specific settings.
- [EXTERNAL_DOWNLOADS]: The documentation for `plugin.json` describes the `composer_packages` field, which enables plugins to declare and trigger the installation of external PHP dependencies via Composer.
- [PROMPT_INJECTION]: The skill demonstrates handling user-provided data, such as server notes, which establishes an indirect prompt injection surface.
  - Ingestion points: User input captured via `Textarea` components in `ServerNoteResource.php` and `NoteRelationManager.php`.
  - Boundary markers: None explicitly provided in the templates to distinguish user content from system instructions.
  - Capability inventory: Artisan command execution and database migrations registered in `ServerNotesServiceProvider.php`, and file-system modification via `EnvironmentWriterTrait`.
  - Sanitization: Relies on default Laravel and FilamentPHP auto-escaping mechanisms and includes a usage example of `Markdown::inline()`.
Audit Metadata