health-plugins
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection to gather project environment data (current path and existence of plugin metadata) at load time. These commands are benign and directly related to the skill's purpose.
- [COMMAND_EXECUTION]: The skill utilizes Bash tools such as jq and cp to read, back up, and repair the plugin registry in the user's Claude configuration directory. These operations include safety measures like creating backups before modification.
- [PROMPT_INJECTION]: The skill processes local plugin configuration data. While this represents an indirect injection surface, the risk is minimized by the use of structured JSON parsing and the requirement for user confirmation before applying critical registry changes.
Audit Metadata