medusa-orders
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides structured instructions for interacting with the Medusa v2 Order Module and its associated workflows.
- [EXTERNAL_DOWNLOADS]: The skill fetches updated documentation from `docs.medusajs.com`, which is the official source for the Medusa framework. This is documented as a safe operation targeting a well-known service.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it instructs the agent to ingest external content from the web while possessing execution capabilities like `Bash` and `Write`.
  - Ingestion points: External data retrieved via `WebSearch` and `WebFetch` as instructed in `SKILL.md`.
  - Boundary markers: Absent; the skill does not specify markers or instructions to isolate external content from the agent's internal logic.
  - Capability inventory: `Bash`, `Write`, `Edit`, `Grep`, and `Glob` tools are enabled in the YAML frontmatter of `SKILL.md`.
  - Sanitization: Absent; no validation or escaping of retrieved content is performed before the agent processes it.
Audit Metadata