claude-plugin-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill analyzes untrusted external content from plugin directories, such as SKILL.md and plugin.json files. This creates a surface where malicious content within an audited plugin could attempt to influence the agent's output. The impact is low because the agent lacks write and network capabilities.
  - Ingestion points: All files within the target path, including metadata and skill bodies.
  - Boundary markers: None specified in instructions.
  - Capability inventory: Read, Grep, Glob, Bash(find), and Bash(jq); no write or network tools are permitted.
  - Sanitization: None defined.
- [Command Execution] (LOW): The skill uses Bash(find) and Bash(jq). While restricted to these specific binaries, these tools are used to process components of the audited plugin. If the agent does not properly handle filenames containing shell metacharacters, there is a minor risk of unintended behavior, though the tool-specific restriction and 'Never: Modify files' rule significantly mitigate this.