Skills
skills/viktor-ferenczi/se-dev-skills/se-dev-plugin/Gen Agent Trust Hub

se-dev-plugin

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The Prepare.bat script automates the installation of the uv tool by fetching an installation script from astral.sh and executing it via PowerShell's iex command. This is a standard and documented installation method for the Astral uv tool.
  • [EXTERNAL_DOWNLOADS]: Several scripts perform downloads from external sources:
  • Prepare.bat downloads the busybox executable from frippery.org, a well-known source for BusyBox on Windows.
  • download_pluginhub.py fetches the plugin registry from the StarCpt/PluginHub repository on GitHub.
  • download_plugin_source.py downloads plugin source code as ZIP archives from GitHub repositories.
  • These downloads are essential for the skill's primary purpose and target well-known or trusted services.
  • [COMMAND_EXECUTION]: The skill uses various shell commands and local script executions:
  • It leverages busybox.exe to provide UNIX-like utilities (grep, find, cat, etc.) on Windows systems.
  • download_plugin_source.py invokes index_plugins.py via subprocess.run to re-index code after a download.
  • These executions are scoped to the project directory and are consistent with code analysis workflows.
  • [SAFE]: The skill facilitates the analysis of third-party C# code downloaded from GitHub. While processing untrusted code inherently presents an indirect prompt injection surface (Category 8), the skill's focus on developer education and the use of structured indexing via tree-sitter makes this a standard functional risk rather than a malicious vector. The mandatory evidence chain for the code ingestion surface is as follows:
  • Ingestion points: download_plugin_source.py (fetching) and index_plugins.py (parsing).
  • Boundary markers: No explicit boundary markers are used when the agent reads indexed code, but documentation warns users that plugins can run native code and should be reviewed.
  • Capability inventory: subprocess.run, dotnet build, and shell utilities are available, but are intended for plugin development tasks.
  • Sanitization: The skill uses tree-sitter for structured parsing rather than simple string interpolation, which provides a layer of data normalization.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 10:19 PM