craftcms-ops

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The content is dedicated to technical documentation, code snippets, and architectural guidelines for Craft CMS 5 development, matching its stated purpose.
  • [METADATA_POISONING]: There is a discrepancy between the author identifier provided in the context (0xdarkmatter) and the author field in the skill metadata (claude-mods), which may lead to confusion regarding the skill's origin.
  • [INDIRECT_PROMPT_INJECTION]: The skill provides instructions for the agent to retrieve and process data from a Craft CMS database (e.g., via element queries in references/twig-and-queries.md and GraphQL in references/graphql-and-plugins.md). This creates an attack surface where an attacker who has compromised the CMS content could attempt to influence the agent's actions through embedded instructions.
  • Ingestion points: Data retrieved via craft.entries() queries and GraphQL entries queries as documented in references/twig-and-queries.md and references/graphql-and-plugins.md.
  • Boundary markers: No instructions are provided to the agent to treat retrieved content as untrusted or to use delimiters.
  • Capability inventory: The skill is configured with Bash, Read, and Write tool permissions in SKILL.md, which could be misused if the agent obeys instructions embedded in fetched content.
  • Sanitization: The provided Twig and PHP examples do not demonstrate sanitization of external data before use.
  • [SAFE]: External resource references point to official project documentation at craftcms.com and reputable ecosystem sites like putyourlightson.com.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 11:54 AM
Security Audit — agent-trust-hub — craftcms-ops