orchardcore-module-creator
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill workflow involves executing several shell commands to manage the development lifecycle, including
mkdirfor directory creation, anddotnet buildanddotnet runfor compiling and executing the generated module code. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted user requirements to generate code files (Category 8). There is a risk that an attacker could provide requirements that include malicious code, which would then be written to the local filesystem and executed during the build process.
- Ingestion points: User-provided descriptions of module functionality, content parts, and fields (processed in SKILL.md and applied to templates in the references directory).
- Boundary markers: Absent. The skill does not implement specific delimiters or 'ignore' instructions to separate user input from the code generation logic.
- Capability inventory: The skill possesses the ability to create directories, write files, and execute build/run commands via the .NET SDK on the host system.
- Sanitization: Absent. There is no evidence of validation, escaping, or filtering of user input before it is interpolated into C# templates or Razor views.
Audit Metadata