Plop.js Code Generator Orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a configuration-driven orchestrator for Plop.js and related scaffolding tools. Analysis of the provided instructions and metadata revealed no malicious patterns, exfiltration attempts, or obfuscation.- [EXTERNAL_DOWNLOADS]: Installation instructions utilize npx to fetch the skill from the vendor's repository (agentskillexchange/skills). These references are consistent with the skill's author and represent standard installation procedures for this framework.- [COMMAND_EXECUTION]: The documentation mentions the integration of jscodeshift and babel for AST-based code modifications. These are industry-standard development tools used for the skill's primary purpose of code generation and refactoring.- [PROMPT_INJECTION]: The skill processes external templates and dynamic prompts via Inquirer.js. While the processing of external content inherently presents a surface for indirect prompt injection, no malicious payloads were detected, and the functionality is limited to the skill's stated purpose of scaffolding code.
Audit Metadata