orchard-core-theming

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The script scripts/sync-skill.py is designed to update the skill by performing a git clone from https://github.com/Lombiq/Orchard-Core-Agent-Skills. Because the 'Lombiq' organization is not included in the predefined trusted organizations list, this is classified as an unverifiable external download.
  • COMMAND_EXECUTION (LOW): The skill utilizes subprocess.run and sqlite3 to perform its primary tasks, such as syncing the repository and querying local Orchard Core databases. These operations use whitelist-validated inputs or parameterized queries, significantly reducing the risk of injection.
  • DATA_EXFILTRATION (SAFE): While the skill contains scripts to extract content from OrchardCore.db, these extraction tools only output data to the standard output or local files as requested by the user, and no unauthorized network calls were detected.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 19, 2026, 07:36 AM