plugins-management
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Python's `subprocess` module in `scripts/prepare_submission.py` to interact with local development tools such as `git` and `gh`. This is used to automate metadata gathering (e.g., commit SHA, repository URL) for plugin submission. The commands are executed using argument lists (avoiding shell interpolation) and are limited to the skill's stated purpose of plugin management.
- [SAFE]: The skill implements security best practices by including a validation script (`scripts/validate_plugin.py`) and requiring explicit user confirmation via the `AskUserQuestion` tool before performing any uninstallation or file deletion operations.
- [SAFE]: Input validation is present in the initialization scripts (e.g., `scripts/init_plugin.py`) to ensure plugin names follow a strict kebab-case alphanumeric format, preventing potential path traversal or command injection via malformed names.
Audit Metadata