federation
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions allow the agent to fetch plugin registry indexes from arbitrary remote HTTP(S) URLs.
- [REMOTE_CODE_EXECUTION]: The workflow facilitates the installation of plugins from external sources, enabling the execution of code provided by those registries.
- [COMMAND_EXECUTION]: The skill provides commands for synchronizing registries and installing plugins from lockfiles, involving significant network and filesystem activity.
- [CREDENTIALS_UNSAFE]: The protocol supports authentication via tokens and OIDC for private registries, which involves the management of sensitive user credentials.
Audit Metadata