Skills
skills/orderlynetwork/orderly-skills/orderly-plugin-add/Gen Agent Trust Hub

orderly-plugin-add

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill instructs the agent to fetch plugin metadata using orderly-devkit view and explicitly prioritize following instructions found in the usagePrompt or readme fields provided by the plugin author.
  • Ingestion points: Output of orderly-devkit view <pluginId>, specifically the usagePrompt and readme fields.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present when processing this external content.
  • Capability inventory: The agent has capabilities to execute grep, modify local source files, and run package installation commands (pnpm install).
  • Sanitization: No sanitization or validation of the fetched metadata instructions is described.
  • [COMMAND_EXECUTION]: The skill uses grep to search the local src/ directory for OrderlyAppProvider usage. This is a standard code discovery operation.
  • [EXTERNAL_DOWNLOADS]: The skill references the use of npx orderly-devkit and pnpm install for fetching plugin metadata and managing dependencies. These operations target the vendor's own ecosystem and standard package registries.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 07:23 AM