moodle-external-api-development
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill enforces robust input validation using Moodle's internal parameter cleaning system (PARAM_* types), which mitigates common injection risks.
- [SAFE]: Permission and capability checks (require_capability) are correctly placed before sensitive operations to ensure proper access control.
- [SAFE]: Database interactions are performed using parameterized queries, which is the recommended method for preventing SQL injection.
- [SAFE]: Error logging and transaction management examples follow Moodle development best practices, although the use of 0777 permissions in the directory creation example is a minor security anti-pattern.
Audit Metadata