musicfree-plugin-dev
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to check the local Node.js environment and perform package management tasks.
- [REMOTE_CODE_EXECUTION]: The AI generates and executes multiple local JavaScript files (e.g., probe.js, observe-search.js, test-plugin.js) to perform browser automation and site analysis.
- [EXTERNAL_DOWNLOADS]: The skill triggers the installation of the Playwright library and its browser dependencies from the public NPM registry.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present.
  1. Ingestion points: External website content and API responses fetched via axios and Playwright.
  2. Boundary markers: No delimiters or instructions are used to separate untrusted site content from the AI's logic.
  3. Capability inventory: Local script execution via Node.js, file system writes, and network operations.
  4. Sanitization: External site content is not validated or sanitized before being analyzed by the AI.