vendure-developing
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No patterns detected that attempt to override agent behavior or bypass safety guidelines. The instructions are purely technical and domain-specific.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network calls were found. The skill focuses on legitimate e-commerce logic.
- [Unverifiable Dependencies] (SAFE): The skill references standard, industry-recognized packages (
@vendure/core,@vendure/admin-ui) consistent with its stated purpose. - [Indirect Prompt Injection] (LOW): The skill identifies an attack surface by processing user-provided 'Vendure tasks'. However, it mitigates this by enforcing 'REQUIRED Patterns' such as the use of
@Allow()permission decorators and properRequestContextthreading in generated code. - [Command Execution] (SAFE): No direct shell command execution or subprocess spawning is present in the skill definition.
Audit Metadata