datocms-plugin-builder
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate development assistant for DatoCMS plugin projects. It focuses on incremental updates and maintenance using the official SDK.
- [COMMAND_EXECUTION]: The agent is instructed to run standard project build and verification scripts (e.g., `npm run build`, `pnpm build`). These are necessary for verifying code changes in a developer environment.
- [EXTERNAL_DOWNLOADS]: The documentation references official DatoCMS libraries and well-known open-source packages. Examples also illustrate connections to trusted third-party services like Unsplash for asset sourcing.
- [PROMPT_INJECTION]: Deterministic alerts regarding instruction concealment are false positives. The text uses terms like "hide" and "conceal" in the context of UI design (e.g., hiding buttons based on user permissions) and encourages honesty in user interfaces.
- [DATA_EXFILTRATION]: Access to the Content Management API via `currentUserAccessToken` is documented as a standard feature, with explicit instructions to use it only when authorized by plugin permissions and to implement runtime guards.
Audit Metadata