Skills
skills/c0ntr0lledcha0s/claude-code-plugin-automations/building-plugins/Gen Agent Trust Hub

building-plugins

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze codebase data to automate plugin creation. 1. Ingestion points: SKILL.md describes gathering requirements from codebase context. 2. Capability inventory: Bash, Write, and Edit tools allow for file modification and command execution. 3. Boundary markers: The skill includes validation scripts (validate-plugin.py and validate-bash.sh) to check for dangerous commands. 4. Sanitization: validate-plugin.py performs regex-based checks for dangerous patterns.
  • [COMMAND_EXECUTION]: The skill templates utilize the Bash tool for setup and validation scripts (e.g., templates/standard-plugin-template/scripts/helper.sh).
  • [EXTERNAL_DOWNLOADS]: The plugin.json template provides an example of using npx -y to fetch packages from the npm registry for MCP servers.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 09:58 AM