extension-creator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides development templates that involve filesystem interaction, such as `fs.writeFile` for saving configuration data in the `config.ts.template`. It also includes defensive programming guidance; for instance, the `Permission Gate` example in `references/examples-gallery.md` demonstrates how to implement logic to detect and block high-risk commands like `sudo`, `rm -rf`, and `chmod 777`.
- [INDIRECT_PROMPT_INJECTION]: The skill defines an extension framework that ingests data from agent events, creating a potential surface for indirect prompt injection.
  - Ingestion points: Event payloads such as `AgentStartedEvent.prompt` and `PromptSubmittedEvent.prompt` provide paths for untrusted data to enter the agent context (defined in `references/event-types.md`).
  - Boundary markers: Delimiters are not explicitly enforced in the base templates, but the skill provides examples of logic-based blocking for dangerous inputs.
  - Capability inventory: The `ExtensionContext` and `TaskContext` interfaces allow extensions to run prompts (`runPrompt`), execute custom commands (`runCustomCommand`), and update settings (`updateSettings`) (found in `references/extension-interface.md`).
  - Sanitization: No default sanitization is provided in the templates, but the documentation includes a pattern for manual command filtering via string matching in the `Permission Gate` example.
Audit Metadata