plugin-marketplace
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of documentation and local Nushell scripts designed for validating and managing plugin marketplace configurations. No malicious patterns, obfuscation, or unauthorized data access were found.
- [COMMAND_EXECUTION]: The skill includes several utility scripts (e.g.,
validate-marketplace.nu,init-marketplace.nu,analyze-plugins.nu) that perform standard file system operations such as reading, writing, and formatting JSON files. These scripts are intended for local development workflows and do not exhibit dangerous command injection patterns. - [DATA_EXPOSURE]: No hardcoded credentials or sensitive file paths were detected. The skill's operations are confined to the marketplace configuration files and the specified plugin directories.
- [EXTERNAL_DOWNLOADS]: While the marketplace schema documentation specifies support for external plugin sources such as GitHub repositories or Git URLs, this is a core architectural feature for plugin distribution and is clearly documented for user configuration. The provided scripts do not initiate any unauthorized network connections.
Audit Metadata