plugin-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill directs users to download and install third-party tools such as `pluginval` and the `Catch2` framework (via `brew install` or GitHub releases). While these sources (Tracktion/pluginval) are not on the predefined trusted list, they are reputable tools within the audio development community.
- COMMAND_EXECUTION (LOW): The skill provides scripts and instructions for building C++ projects using CMake and executing the resulting binaries. This is the intended primary function for plugin validation and testing.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes external data including test logs and source code, creating a surface for indirect prompt injection.
  - Ingestion points: Test failure logs and source code files (e.g., `PluginProcessor.cpp`).
  - Boundary markers: Not present in the provided report or menu templates.
  - Capability inventory: Shell command execution (CMake, pluginval, test binaries).
  - Sanitization: No explicit sanitization of test output before processing is documented.
- DYNAMIC_EXECUTION (LOW): The skill generates and suggests C++ test code based on provided templates, which is then compiled and executed. This is restricted to known templates for stability testing.
Audit Metadata