pi-gateway-plugin-dev
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a bash script
scripts/new-plugin.shused for scaffolding new plugin project structures. This script performs local directory creation and templates source files usingsed. It includes regex validation for the plugin ID to prevent path traversal or shell injection during the creation process. - [SAFE]: Template code provided in the
assets/templatesdirectory demonstrates communication with the local gateway service via127.0.0.1. These operations are used for model management and session control within the intended development context and do not involve external exfiltration. No obfuscation or hardcoded credentials were found.
Audit Metadata