plugin-forge
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious patterns or security vulnerabilities were detected across the analyzed files. The skill provides local automation for plugin lifecycle management.
- [Category 4: Unverifiable Dependencies & Remote Code Execution] (SAFE): The provided Python scripts (create_plugin.py, bump_version.py) rely exclusively on Python standard libraries (argparse, json, pathlib, os, sys). No external packages are required, and no remote code is downloaded or executed.
- [Category 2: Data Exposure & Exfiltration] (SAFE): There are no network operations, hardcoded credentials, or attempts to access sensitive system files. All file operations are restricted to the local marketplace directory provided by the user.
- [Category 8: Indirect Prompt Injection] (SAFE): While the skill ingests user-provided strings (author name, description, etc.) to generate plugin manifests and README files, it does not execute this content or pass it back to the AI in an unsafe manner that would bypass instruction boundaries.
Audit Metadata