pluginstaller
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches plugin directories and configuration from user-provided GitHub repositories to be installed locally.
- [COMMAND_EXECUTION]: Instructions require the agent to restart the Codex service, implying the execution of system-level commands.
- [PROMPT_INJECTION]: The skill ingests untrusted data from external sources, presenting a risk of indirect prompt injection.
- Ingestion points: External GitHub repository contents and the .codex-plugin/plugin.json manifest file (SKILL.md).
- Boundary markers: None identified; the instructions do not include delimiters or warnings to ignore instructions within the ingested content.
- Capability inventory: File system writes, directory copying, and service restart capabilities (SKILL.md).
- Sanitization: Minimal validation is performed; the skill only checks for the presence of specific metadata keys in the JSON manifest.
Audit Metadata