Skills
skills/vinnie357/claude-skills/claude-plugins/Gen Agent Trust Hub

claude-plugins

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/validate-plugin.nu script uses git clone to download external plugin repositories from GitHub for validation. This targets a well-known service for the intended purpose of the skill.
  • [COMMAND_EXECUTION]: The skill relies on Nushell (nu) scripts and the git command-line tool to perform file manipulation and network operations. These are used as part of the core functionality for plugin management.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from untrusted external files (Category 8).
  • Ingestion points: The scripts/validate-plugin.nu script reads content from plugin.json and SKILL.md files (including those downloaded from GitHub) using the open command.
  • Boundary markers: The script does not use specific delimiters or warnings to isolate the content of fields like description or name when displaying validation results.
  • Capability inventory: The agent utilizing this skill has access to Bash, Write, Edit, and Read tools, which could be exploited if the agent follows malicious instructions found within a validated plugin.
  • Sanitization: The script performs format validation (e.g., kebab-case, length checks) but does not sanitize the text content for potential prompt injection patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 09:36 PM