plugin-marketplace
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious behavior, obfuscation, or unauthorized data access detected. The provided Nushell scripts are administrative tools for managing configuration files.
- Indirect Prompt Injection (SAFE): The scripts process user-provided JSON files as part of their core functionality, which is a common pattern for configuration utilities. This represents a negligible attack surface.
- Ingestion points: plugin.json in scripts/analyze-plugins.nu; marketplace.json in scripts/format-marketplace.nu and scripts/validate-dependencies.nu.
- Boundary markers: Absent (not applicable for static JSON analysis tools).
- Capability inventory: Writing to the local filesystem using the 'save' command and creating directories with 'mkdir'.
- Sanitization: Basic structural validation is performed by the Nushell 'open' command.
Audit Metadata