objectstack-plugin
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of instructional markdown files and Zod schema definitions. No executable malicious code or dangerous commands were identified during the analysis.
- [EXTERNAL_DOWNLOADS]: References several Node.js packages under the
@objectstackvendor namespace (e.g.,@objectstack/core,@objectstack/objectql,@objectstack/spec). These are identified as legitimate platform dependencies provided by the skill author. - [DATA_EXFILTRATION]: Provides standard code examples for managing configuration and database connections using environment variables (
process.env.API_KEY,process.env.DATABASE_URL). This follows common development practices for secret management. - [PROMPT_INJECTION]: Defines an architecture for data lifecycle hooks (e.g.,
data:beforeInsert) inrules/hooks-events.md. While this creates a surface for processing untrusted data, the skill documentation emphasizes the use of Zod schemas for strict validation and describes security measures like sandboxing and conformance levels in the referenced protocol files.
Audit Metadata