plugin-engineer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest untrusted data from external sources which could contain malicious instructions. Ingestion points: External documentation, community forums (Stage 1), and target repository source code (Stage 2). Boundary markers: None; the skill lacks instructions to delimit untrusted content or warn the agent about embedded commands. Capability inventory: The skill allows unrestricted use of
Bash,Write, andEdittools. Sanitization: None; no validation or escaping of ingested content is mentioned. - Privilege Escalation (LOW): The workflow involves creating executable scripts (Stage 7). While
chmod +xon newly created files is typically a MEDIUM severity finding, it is downgraded to LOW here as it is a necessary part of the skill's primary purpose of plugin engineering and distribution.
Audit Metadata