plugin-forge
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (LOW): The skill creates plugin manifest and documentation files using unsanitized user input for fields such as author name and description. This establishes an attack surface where malicious instructions could be embedded into the agent's project workspace. Evidence: (1) Ingestion points: command-line arguments in create_plugin.py; (2) Boundary markers: Absent in generated README/JSON templates; (3) Capability inventory: File-write operations via standard Python library; (4) Sanitization: No input validation or escaping performed on metadata fields.
- Command Execution (SAFE): The skill uses local Python scripts (create_plugin.py and bump_version.py) to automate project management tasks. These scripts were reviewed and found to perform only legitimate file system operations, with no signs of obfuscation, network exfiltration, or unauthorized command execution.
Audit Metadata