skills/obra/superpowers-developing-for-claude-code/developing-claude-code-plugins/Gen Agent Trust Hub
developing-claude-code-plugins
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): A comprehensive review of the instructions, documentation, and code templates found no evidence of malicious intent, prompt injection, or unauthorized data access. The skill functions solely as a technical reference.
- [COMMAND_EXECUTION] (INFO): The skill provides examples of shell commands (e.g., mkdir, chmod, jq, git) and Claude Code slash commands (e.g., /plugin). These are contextually appropriate for a development workflow and are presented as educational examples rather than autonomously executed payloads.
- [EXTERNAL_DOWNLOADS] (INFO): The documentation describes standard plugin distribution methods via GitHub repositories. No unauthorized or suspicious remote code downloads are initiated by the skill itself.
- [INDIRECT_PROMPT_INJECTION] (LOW): While the skill guides the creation of plugins that process data, it does so using standard platform features. The vulnerability surface is limited to the developer's own implementation of the provided patterns.
Audit Metadata