plugin-packaging
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [Command Execution] (MEDIUM): The skill executes system-level commands including pkgbuild, productbuild, and grep using variables extracted from user-controlled files like CMakeLists.txt. If these files contain malicious shell metacharacters, this could lead to arbitrary command execution on the host machine.
- [Remote Code Execution] (MEDIUM): The skill generates a postinstall script which is packaged into an installer. This script executes with elevated privileges on the system where the installer is run. The logic for this script is defined in an external reference file (references/pkg-creation.md) not provided in the skill package, making its behavior unverifiable.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted project data. Evidence Chain: 1. Ingestion points: CMakeLists.txt, parameter-spec.md, creative-brief.md; 2. Boundary markers: Absent; 3. Capability inventory: pkgbuild, productbuild, git, rm, cp; 4. Sanitization: Absent, relies on simple quoting.
- [Security Bypass Advice] (LOW): The skill's documentation templates (readme-template.txt) provide explicit instructions on how to bypass macOS Gatekeeper security warnings. While functional for unsigned software, this technique is frequently leveraged to facilitate the installation of untrusted or malicious applications.
Audit Metadata