marketplace-sync
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) due to its data ingestion process.
- Ingestion points: Metadata and descriptive text are read from plugin.json, commands/.md, skills//SKILL.md, and agents/*/AGENT.md files within the repository.
- Boundary markers: The instructions lack delimiters or isolation warnings to prevent the agent from potentially obeying instructions embedded within the scanned plugin content during the marketing copy generation phase.
- Capability inventory: The skill is capable of executing a bundled Python script, reading file contents from the repository, and writing updated JSON data to the docs/ directory.
- Sanitization: No evidence of sanitization, validation, or filtering of the ingested text is present before it is used as input for AI generation.
- [COMMAND_EXECUTION]: The skill requires the execution of a local Python script (scripts/sync-marketplace.py) to extract technical metadata. The script relies on standard Python libraries (json, os, re, pathlib) and operates within the expected local project structure.
Audit Metadata