Skills
skills/laurigates/claude-plugins/plugin-settings/Gen Agent Trust Hub

plugin-settings

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides bash script templates for extracting configuration data. These templates use standard Linux utilities such as head, grep, sed, and awk to parse YAML frontmatter fields and markdown content in a safe manner.
  • [PROMPT_INJECTION]: The skill facilitates a pattern where an agent reads instructions from a local configuration file and applies them to its behavior, which creates a surface for indirect prompt injection.
  • Ingestion points: .claude/plugin-name.local.md (referenced in SKILL.md)
  • Boundary markers: Absent. The skill does not recommend the use of delimiters or 'ignore embedded instructions' markers when processing the markdown body.
  • Capability inventory: The skill allows the use of Bash, Read, Write, Edit, Grep, Glob, and TodoWrite tools.
  • Sanitization: Absent. The skill does not provide methods for escaping or validating the content read from configuration files before it is used to influence agent behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 08:12 PM