idempiere-2pack
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates a workflow for processing external 2Pack ZIP files, which creates an indirect prompt injection surface.
- Ingestion points: ZIP files uploaded to 'AD_Package_Imp_Proc' or placed in folders defined by 'AUTOMATIC_PACKIN_FOLDERS' (referenced in core-map.md and operating-playbook.md).
- Boundary markers: None mentioned for the data contents; the system processes XML and ZIP structures directly.
- Capability inventory: Capability to execute shell scripts (ShellScriptElementHandler) and JSR223 scripts like BeanShell/Groovy (ScriptJSR223ElementHandler).
- Sanitization: No sanitization of script content is mentioned; the documentation explicitly warns that 'SH' and 'SCJ' handlers should be treated as remote execution surfaces.
- [REMOTE_CODE_EXECUTION]: The skill documentation details the 'ScriptJSR223ElementHandler' which executes BeanShell or Groovy code from the 'dict/PackOut.xml' inside 2Pack packages.
- [COMMAND_EXECUTION]: The skill documentation details the 'ShellScriptElementHandler' which uses 'ProcessBuilder' to execute shell scripts extracted from 2Pack packages.
- [NO_CODE]: The skill consists of Markdown and YAML files providing guidance and technical mapping but does not include any executable scripts (.py, .js, .sh, etc.) in its distribution.