optimize-plugin
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute a local Python validation script (validate-plugin.py) located in the environment's plugin root directory. This involves executing shell commands with a user-provided path variable ($TARGET), which presents a command execution surface.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context through the provided by the user, specifically when the skill reads the .claude-plugin/plugin.json manifest and other component files in the commands, agents, and skills directories (SKILL.md).
  - Boundary markers: The skill lacks explicit boundary markers or 'ignore embedded instructions' warnings when passing the content of the target plugin and the validation results to the plugin-optimizer agent in Phase 2 (SKILL.md).
  - Capability inventory: Across its phases, the skill employs Bash(bash:*), Task (to launch secondary agents), Read, and Glob tools (SKILL.md).
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the external plugin content before it is interpolated into the instructions for the optimization agent (SKILL.md).
Audit Metadata