maintain-plugins
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `subprocess.run` with argument lists to execute `git` and `python3` for managing plugin repositories and running internal maintenance scripts such as `audit_structure.py` and `sync_with_inventory.py`. These actions are governed by a 'Recap-Before-Execute' protocol that mandates user confirmation before any commands are generated or run.
- [EXTERNAL_DOWNLOADS]: The `plugin_bootstrap.py` script facilitates the synchronization of plugins by cloning or pulling content from GitHub using `git`. The default source is the author's official repository (richfrem/agent-plugins-skills), which is considered a trusted vendor resource in this context.
- [DATA_EXPOSURE]: The skill manages agent configuration files in directories like `.claude`, `.gemini`, `.agent`, and `.github`. While the synchronization logic includes file deletions to remove orphaned artifacts, these operations are restricted to specific vendor-managed paths and are protected by a mandatory dry-run phase to prevent the accidental removal of custom project-specific plugins.
Audit Metadata