logseq-plugin-dev
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS
Full Analysis
- [Unverifiable Dependencies] (MEDIUM): The skill's templates (`assets/template-react/package.json`) depend on `vite-plugin-logseq`. This package is not hosted by a designated trusted organization (e.g., Microsoft, Google, Vercel) and represents an external supply-chain dependency that should be audited before use.
- [Indirect Prompt Injection] (LOW): The skill provides instructions and examples for reading user-generated content from the Logseq editor using `logseq.Editor.getCurrentPageBlocksTree()`.
  - Ingestion points: `logseq.Editor.getCurrentPageBlocksTree()` (documented in `references/api.md`).
  - Boundary markers: None identified in templates or examples.
  - Capability inventory: The skill facilitates the creation of plugins with capabilities to write data (`insertBlock`, `updateBlock`) and query the database (`datascriptQuery`).
  - Sanitization: No specific sanitization or validation logic is provided for handling content retrieved from blocks. An attacker could place malicious instructions in a Logseq block to influence the behavior of an agent-generated plugin.