plugin-authoring

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [Privilege Escalation] (MEDIUM): The skill instructs the agent to ensure scripts are executable using 'chmod +x' on dynamically created plugin components. Evidence: SKILL.md checklist and 'Red Flags' section. Risk: Automatically granting execution permissions to dynamically created files is a privilege escalation risk.
  • [Indirect Prompt Injection] (LOW): The skill reads various repository files which constitutes an ingestion surface for untrusted data. Ingestion points: .claude-plugin/, plugin.json, commands/, agents/, skills/, and hooks/ directories. Boundary markers: Absent. Capability inventory: Read, Grep, Glob (Read-only). Sanitization: Absent. Risk: Injected instructions in analyzed repository files could influence the agent's reasoning or behavior.
  • [External References] (LOW): The skill references official documentation from a trusted source. Evidence: Link to docs.anthropic.com. Severity downgraded per [TRUST-SCOPE-RULE].
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 09:41 AM