plugin-builder
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to create project directory structures through commands such as `mkdir -p plugin-{name}/...`. While this is a standard functional requirement for scaffolding, it introduces a surface where malformed user input for the plugin name (e.g., containing shell metacharacters) could potentially lead to command injection if not handled by the agent's underlying safety filters.
- [PROMPT_INJECTION]: The skill processes user-defined capabilities and names to generate code, which represents a surface for indirect prompt injection.
  - Ingestion points: User-provided inputs during the requirements analysis phase, including plugin names, descriptions, and action details.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands within user input are provided in the workflow.
  - Capability inventory: The skill uses `Bash`, `Write`, `Edit`, `Read`, `Grep`, and `Glob` tools to manage the file system and project files.
  - Sanitization: The skill's instructions do not define validation or sanitization steps for user-supplied strings before they are interpolated into commands or file templates.
Audit Metadata