create
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to manage directory structures, manipulate JSON manifests using jq, and execute git commands for version control.
- [EXTERNAL_DOWNLOADS]: Interacts with well-known and trusted services including GitHub (via the gh CLI) and the NPM registry to push code, manage releases, and publish packages.
- [REMOTE_CODE_EXECUTION]: Triggers the execution of validation scripts such as audit_silent_failures.py from associated skill directories and invokes npm-based release workflows that execute package logic.
- [PROMPT_INJECTION]:
  - Ingestion points: Captures untrusted user input for plugin names and categories through the AskUserQuestion tool and command-line arguments as seen in references/phase0-discovery.md.
  - Boundary markers: Lacks explicit delimiters or markers to separate user-supplied strings from shell script commands during interpolation.
  - Capability inventory: Possesses high-privilege capabilities including the Bash, Write, Edit, Skill, and Task tools, which could be leveraged if malicious strings are processed.
  - Sanitization: Does not demonstrate explicit sanitization or validation of the plugin name string before its use in shell-based file system operations like mkdir.
Audit Metadata