plugins
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill is designed to install and execute arbitrary code through a plugin system. Commands like `/plugins install <url>` in `SKILL.md` enable the direct execution of unverified remote code.
- [EXTERNAL_DOWNLOADS] (HIGH): The documentation explicitly promotes downloading and installing plugin artifacts (e.g., `.zip` files) from arbitrary URLs such as GitHub releases, which bypasses the standard security scanning found in managed registries.
- [COMMAND_EXECUTION] (HIGH): The plugin permission model defined in `SKILL.md` includes an `exec` permission, which allows installed plugins to execute shell commands on the host system.
- [DYNAMIC_EXECUTION] (MEDIUM): The implementation in `index.ts` uses `pluginService.loadFromDirectory(dir)` to dynamically load and execute JavaScript/TypeScript modules from the filesystem, which can be exploited if an attacker can write to the specified directory.
Recommendations
- AI detected serious security threats
Audit Metadata