analyze-plugin
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection via Untrusted Data Ingestion. The skill is designed to systematically read and analyze third-party plugin content, including markdown, scripts, and configuration files. This creates a surface for indirect prompt injection attacks where the data being analyzed contains malicious instructions.
  - Ingestion points: Files within the user-provided <plugin-dir> are read during the Inventory (Phase 1) and Content Analysis (Phase 3) stages.
  - Boundary markers: The instructions do not define clear delimiters or "ignore instructions" directives to separate the content being analyzed from the agent's system instructions.
  - Capability inventory: The skill possesses the Bash tool for command execution, as well as Read and Write capabilities for file manipulation.
  - Sanitization: There are no explicit steps for sanitizing or escaping the text loaded from external files before processing.
- [COMMAND_EXECUTION]: Local Script Execution via Bash. The skill invokes a local Python script (inventory_plugin.py) using the Bash tool to perform its inventory phase. While the script is part of the skill's internal directory structure, the use of a general-purpose shell tool to execute logic based on external inputs introduces a standard risk surface for command-line interactions.