hyva-create-module
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill delegates the execution of `bin/magento setup:upgrade` to the `hyva-exec-shell-cmd` skill, which handles environment-specific command wrapping.
- [PROMPT_INJECTION]: The skill exhibits an indirect injection surface by interpolating user-provided parameters into generated PHP, XML, and JSON files.
  - Ingestion points: Parameters `vendor`, `module`, `description`, `dependencies`, and `composer_require` as defined in `SKILL.md`.
  - Boundary markers: Validation for PascalCase is enforced for vendor and module names.
  - Capability inventory: Ability to write files to the `app/code/` directory.
  - Sanitization: Employs alphanumeric validation for primary identifiers.
- [SAFE]: The skill follows secure development practices by using localized templates and validating inputs to mitigate path traversal and code injection risks.
Audit Metadata