drupal-ddev
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- SAFE (SAFE): The skill consists of documentation and templates for Drupal development. No malicious behavior, obfuscation, or data exfiltration patterns were identified.\n- COMMAND_EXECUTION (SAFE): The skill highlights various DDEV and Drupal-specific commands (ddev, drush, composer). These are essential for the primary functionality of the skill and represent standard usage within a local development context.\n- Indirect Prompt Injection (LOW): The skill identifies workflows that ingest external files, creating a potential surface for indirect prompt injection if those files are malicious.\n
- Ingestion points: .ddev/config.yaml and database backup files.\n
- Boundary markers: Delimiters or warnings are not present in the reference templates.\n
- Capability inventory: The skill mentions DDEV hooks (exec-host, exec) which allow for command execution, and SSH for remote data fetching.\n
- Sanitization: The skill does not include sanitization logic, as it provides documentation rather than executable code.
Audit Metadata