plugin-authoring
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill content is restricted to markdown documentation and does not include executable scripts or active tool configurations.
- [COMMAND_EXECUTION]: Educational templates for shell commands (e.g., find, grep, jq) are provided for developers to copy into their own hooks. These commands are configured to operate within relative workspace paths and are not executed by the skill.
- [PROMPT_INJECTION]: The documentation includes patterns for injecting context into the agent prompt (Indirect Prompt Injection surface). However, these are presented as standard platform patterns and are balanced by instructions on creating 'Governance Enforcement' hooks to restrict sensitive operations.
Audit Metadata