enhance-plugins
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were found. The use of 'HIGH' or 'MEDIUM' refers to the certainty of detection patterns, not malicious directives.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file paths (e.g., ~/.aws/credentials) are accessed or transmitted. The skill explicitly looks for hardcoded secrets as a security check for other plugins.
- [Obfuscation] (SAFE): The file is written in clear markdown and standard JavaScript. No Base64, zero-width characters, or encoded commands were detected.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not perform external package installations or execute remote scripts. It provides a framework for static analysis of local plugin files.
- [Privilege Escalation] (SAFE): No commands for acquiring elevated permissions (e.g., sudo, chmod 777) are present. It focuses on identifying broad file access in tools it analyzes.
- [Persistence Mechanisms] (SAFE): No attempts to modify system startup files, shell profiles, or cron jobs were detected.
- [Indirect Prompt Injection] (SAFE): While the skill ingests untrusted data (plugin.json, directory structures) for analysis, it does so to identify security issues. It does not blindly interpolate this data into executable contexts in a way that suggests vulnerability to injection. Its primary purpose is the detection of such risks.