vendure-delivery-plugin
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill contains no instructions aimed at overriding agent behavior or bypassing safety filters.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file access (e.g., SSH keys, AWS config), or unauthorized network requests were found.
- Obfuscation (SAFE): There is no evidence of Base64, zero-width characters, or other encoding techniques used to hide malicious logic.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not perform external package installations or execute remote scripts.
- Privilege Escalation (SAFE): No commands for acquiring elevated system permissions (such as sudo or chmod) were detected.
- Persistence Mechanisms (SAFE): The skill does not attempt to modify system configuration files or establish scheduled tasks for persistent access.
- Indirect Prompt Injection (SAFE): The skill defines structured GraphQL inputs but lacks dangerous interpolation of untrusted data into instructions or command-line contexts.
Audit Metadata