Plugin Structure
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructional content for plugin development. The example hooks use prompts for legitimate safety checks (e.g., verifying bash commands for production safety) and do not attempt to bypass agent constraints.
- [DATA_EXFILTRATION]: No hardcoded credentials or sensitive file paths were detected. Examples correctly demonstrate the use of environment variables (e.g., `${GITHUB_TOKEN}`, `${API_KEY}`) for sensitive configurations.
- [REMOTE_CODE_EXECUTION]: No remote scripts are downloaded or executed. The skill correctly teaches the use of `${CLAUDE_PLUGIN_ROOT}` for referencing local plugin assets.
- [COMMAND_EXECUTION]: Example scripts (e.g., `validate-commit.sh`, `run-linter.sh`) use standard local tools like `bash`, `npx eslint`, and `pylint` for code quality checks.
- [OBFUSCATION]: The content consists entirely of clear text markdown and JSON configuration examples with no encoded or hidden data.
- [PRIVILEGE_ESCALATION]: There are no commands that attempt to gain elevated privileges or modify system-level permissions.
- [PERSISTENCE]: The skill does not contain logic to modify shell profiles or create scheduled tasks for persistence.
- [INDIRECT_PROMPT_INJECTION]: While the skill describes processing user code (e.g., linting), the examples provided are for educational purposes and do not exhibit vulnerabilities to data-driven instruction injection.
Audit Metadata