drupal-expert
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill directs the agent to research external modules and issue queues on drupal.org to determine project requirements.
- Ingestion points: The "Research-First Philosophy" section in `SKILL.md` instructs the agent to browse and evaluate content from drupal.org.
- Boundary markers: The skill does not provide specific delimiters or instructions to treat external research data as untrusted.
- Capability inventory: The agent is granted capabilities to write files and execute shell commands (via Drush and PHPUnit).
- Sanitization: There are no instructions to validate or sanitize information gathered from external sources before it is used to generate project code or configuration.
- [COMMAND_EXECUTION]: The skill provides extensive documentation for using the Drush CLI tool to scaffold modules, entities, and configurations.
- Instructions in `SKILL.md` suggest using `drush generate` and `drush field:create` to automate the creation of PHP files and configuration YAMLs.
- It provides specific commands to run Drush non-interactively using `--answers` with JSON and execute PHP code directly via `drush php:eval`.
- While these are standard developer workflows for Drupal, the generation and execution of code based on LLM interpretation of these patterns constitutes dynamic execution and requires developer oversight.
Audit Metadata