enhance-plugins
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a static analysis tool for evaluating the security and structure of other plugins. It does not perform any network operations or access sensitive credentials.
- [PROMPT_INJECTION]: Argument parsing in the skill's workflow is implemented safely using string splitting and filtering, avoiding the use of dangerous evaluation functions on user-provided input.
- [COMMAND_EXECUTION]: The 'Fix' functionality is explicitly restricted to structural schema improvements, such as ensuring strict property validation. It is intentionally designed to avoid automated changes to security-sensitive patterns, which requires human review.
- [DATA_EXFILTRATION]: Although the skill identifies standard plugin configuration paths, including some in the user's home directory (e.g., Codex config), its activities are limited to local analysis and reporting without any external data transmission capability.
Audit Metadata