sync-to-marketplace
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): Accesses `~/.skillforge-config` to retrieve paths for the marketplace. While accessing files in the home directory is a sensitive operation, it is required for the skill's configuration, and no evidence of data exfiltration to external domains was found.
- [Indirect Prompt Injection] (LOW): The skill exhibits a vulnerability surface where untrusted data (plugin content, user-provided names, and configuration values) is interpolated into prompts sent to subagents.
  - Ingestion points: `~/.skillforge-config`, `.claude/` directory contents, and interactive user input for plugin names and versions.
  - Boundary markers: Absent. The skill uses direct string interpolation (e.g., `prompt="发布插件 {plugin-name} 到 {marketplace-path}"`) without delimiters or instructions to ignore embedded commands.
  - Capability inventory: Uses `Bash` for file system manipulation, `Write` for metadata updates, and `Task` for triggering external agent workflows.
  - Sanitization: None detected. The skill does not appear to validate or escape inputs before passing them to the `Task` tool.
- [Command Execution] (LOW): The skill utilizes the `Bash` tool to perform standard directory management and file copying operations (mkdir, cp). These actions are limited to the workspace and development directories.
Audit Metadata