Plugin Structure
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructional content and templates for Claude Code plugin development, facilitating standard architectural patterns for commands, agents, and hooks.
- [SAFE]: The documentation encourages the use of
${CLAUDE_PLUGIN_ROOT}for path resolution, ensuring portability and avoiding risky hardcoded absolute paths that could be used for directory traversal or unauthorized file access. - [SAFE]: Sample configurations for MCP servers and hooks use standard environment variable placeholders (e.g.,
${API_KEY},${GITHUB_TOKEN}) for secret management, instructing users on secure practices rather than hardcoding sensitive credentials. - [SAFE]: Scripts shown in examples, such as the linting and validation scripts, perform routine development tasks within the plugin's local environment without unauthorized system modifications or data exfiltration patterns.
- [SAFE]: No evidence of prompt injection, obfuscation, or hidden malicious instructions was found across the provided documentation and example files.
Audit Metadata