configure-claude-plugins
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [DYNAMIC_CONTEXT_INJECTION]: The skill utilizes the
!commandsyntax to automatically detect the current state of the project when loaded. It executes benign discovery commands such asfindandgit remote -vto check for existing configuration files and repository metadata. - [COMMAND_EXECUTION]: The skill configures
.claude/settings.jsonwith a broad set of allowed Bash command patterns (e.g.,git *,gh *,pre-commit,gitleaks). While these are common for development workflows, they grant the agent significant control over the local git environment and GitHub CLI interactions. - [EXTERNAL_DOWNLOADS]: The skill configures GitHub Actions to download and use the
laurigates/claude-pluginsmarketplace. This repository belongs to the skill's author and is used to extend the capabilities of the Claude Code action. - [SAFE]: No malicious patterns, obfuscation, or data exfiltration attempts were detected. The skill follows best practices for secret management by instructing users to manually add authentication tokens to GitHub secrets rather than hardcoding them.
Audit Metadata