orderly-plugin-gen
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Shell tool to execute a local Node.js script (
create-plugin.mjs) for file and directory generation. This script is part of the skill package and uses standard Node.js built-in modules. - [SAFE]: No security issues were detected. The generation script implements strict input validation, including a regular expression (
/^[a-z][a-z0-9-]*$/) to sanitize plugin names and an allow-list for plugin types, preventing malicious injection into generated file contents or paths. The skill performs no network requests and does not access sensitive user data.
Audit Metadata