drupal-lazy-builders
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions to override agent behavior or bypass safety filters were detected. The skill consists entirely of technical documentation and code examples.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file access, hardcoded credentials, or unauthorized network operations were found. The use of Drupal's currentUser() API is consistent with the stated purpose of personalization.
- [Obfuscation] (SAFE): The content is presented in plain text and standard code blocks with no evidence of encoding, zero-width characters, or homoglyphs.
- [Remote Code Execution] (SAFE): There are no patterns involving remote script downloads (curl/wget), piped shell execution, or unsafe dynamic code evaluation.
- [Privilege Escalation] (SAFE): The skill does not contain commands like sudo, chmod, or other attempts to modify system-level permissions.
- [Persistence Mechanisms] (SAFE): No attempts to modify startup scripts, cron jobs, or registry keys were detected.
Audit Metadata