copilot-plugin-creator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is a legitimate utility for scaffolding plugin files. It performs standard directory and file creation (plugin.json, README.md) based on user input and does not engage in any suspicious or high-risk system operations.\n- [EXTERNAL_DOWNLOADS]: The skill references official documentation from github.com and visualstudio.com. These are verified and trusted sources used to provide guidance to the user, not for automated script execution or downloading untrusted binaries.\n- [PROMPT_INJECTION]: The skill processes user-defined descriptions and repository metadata to customize generated configuration files. While this represents a data ingestion surface, the risk of indirect injection is negligible as the data is used exclusively for populating static text fields in a scaffold.
Audit Metadata