version
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill performs shell interpolation of the plugin name and version variables in commands such as
git commit -m "chore(<name>): bump version to <new-version>"andcat plugins/<name>/.claude-plugin/plugin.json. Malicious input (e.g.,;,&, or$(...)) in the plugin name or version field could lead to arbitrary command execution or path traversal beyond the intended directory.\n- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests data from local configuration files which could be manipulated to influence agent behavior.\n - Ingestion points: File content from
plugin.jsonandmarketplace.jsonis read in Step 2 and Step 5.\n - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic.\n
- Capability inventory: The skill has access to directory listing (
ls), file reading (cat), and version control operations (git add,git commit,git tag).\n - Sanitization: No validation or escaping is performed on the extracted version string or the user-provided plugin name.
Audit Metadata