plugin-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface identified in the file management workflow.
  1. Ingestion points: Plugin names and skill names provided as user input (SKILL.md).
  2. Boundary markers: Absent; user input is interpolated directly into paths.
  3. Capability inventory: Creation of directories and symlinks (SKILL.md).
  4. Sanitization: Absent; the agent is not instructed to validate or sanitize path segments against traversal.
- [NO_CODE] (SAFE): No executable code (scripts, binaries, or configuration-driven code execution) is included in the skill.