create-plugin
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run its internal logic script, scripts/scaffold.py, which performs file system operations such as directory creation and file writing.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) by ingesting untrusted user descriptions and interpolating them into the metadata of generated agent files.
- Ingestion points: Plugin and skill descriptions provided by the user during the Phase 1 Discovery Interview.
- Boundary markers: The templates used for generation do not include boundary markers to separate user content from system instructions in the resulting files.
- Capability inventory: The associated scaffolding script is capable of recursive directory creation, file writing, and modification of file permissions (chmod).
- Sanitization: The name parameter is validated with a strict regular expression, but the description field is not sanitized before interpolation into Jinja templates.
Audit Metadata