magento2-backend-toolkit
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill includes comprehensive instructions to mitigate injection risks. It requires the agent to validate all user inputs against strict regular expressions (e.g., `[A-Z][A-Za-z0-9_]*` for module and class names) and explicitly forbids the direct inclusion of user-provided code snippets, instructing the agent to translate them into safe scaffolding instead.
- [PROMPT_INJECTION]: Regarding the attack surface for indirect prompt injection (Category 8):
  - Ingestion points: User-defined labels, descriptions, and identifiers used across all scaffolding features (1-6).
  - Boundary markers: The instructions mandate wrapping user-provided text only inside quoted strings in PHP and applying XML entity escaping for XML/HTML contexts.
  - Capability inventory: The skill's primary function is generating code snippets for file creation; it lacks the capability to execute commands, access networks, or modify sensitive system configurations.
  - Sanitization: The templates and instructions enforce the use of Magento's `Escaper` methods (`escapeHtml`, `escapeUrl`, `escapeHtmlAttr`) to ensure that any user data output in PHTML templates is safely handled.
- [DATA_EXFILTRATION]: No network requests, hardcoded credentials, or attempts to access sensitive system files (such as SSH keys or environment variables) were detected. The skill operates entirely using its local template assets.
- [REMOTE_CODE_EXECUTION]: There is no evidence of remote script downloading or execution (e.g., `curl | bash`). All templates are bundled within the skill, and external references point to official documentation.
- [COMMAND_EXECUTION]: The skill does not perform any direct system command execution. It provides standard Magento CLI commands as text-only troubleshooting steps for the user's manual use in their terminal.
Audit Metadata