create-plugin
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- Data Exposure & Exfiltration (SAFE): The instructions explicitly mandate that credentials must never be passed to the sandbox environment and should be handled via a proxy handler. This is a security best practice for this architecture.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill mentions local build commands like make lint, make test, and make docker-sandbox. There are no instructions to download and execute arbitrary scripts from the internet.
- Indirect Prompt Injection (LOW): While the skill defines how to create data source plugins that will eventually process external data, it provides a structured template and emphasizes credential isolation, reducing the risk of a simple plugin creation task being used as an attack vector.