aureuserp-plugin-builder
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill workflow involves processing existing plugin files as patterns for new development, which establishes an indirect prompt injection surface.
- Ingestion points: The agent is directed to inspect the target plugin and its sibling modules within the plugins directory (SKILL.md).
- Boundary markers: The instructions lack explicit boundary markers or directions to disregard potentially malicious instructions embedded in the analyzed reference files.
- Capability inventory: The agent is expected to generate source code, modify filesystem structures (composer.json, migrations), and execute CLI commands.
- Sanitization: There is no requirement or mechanism specified for sanitizing or validating the code ingested from existing plugin files.
- [COMMAND_EXECUTION]: The verification checklist requires running vendor-specific artisan commands (e.g., :install --no-interaction) to confirm that dependencies, migrations, and seeders are correctly processed.
Audit Metadata