orderly-plugin-create

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses npx to execute @orderly.network/cli and orderly-devkit. These are official vendor tools associated with the skill's author, OrderlyNetwork.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided inputs (Plugin Name, ID, Interceptor Target, and Target Directory) which are interpolated into shell commands.
      • Ingestion points: Inputs collected from the user as described in SKILL.md.
      • Boundary markers: Commands in SKILL.md use double quotes for variable interpolation (e.g., --name "<PluginName>").
      • Capability inventory: Shell command execution via npx in SKILL.md.
      • Sanitization: reference.md provides specific regex validation rules for plugin names and IDs to ensure they conform to expected formats (PascalCase and kebab-case) and prevent command injection payloads.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 07:23 AM