plugin-help
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to run a local JavaScript file (
../../hooks/check-wasp-init.js) using thenodecommand via the Bash tool. This allows the execution of arbitrary code provided within the skill's package. While the script is intended for environment checking, it originates from a developer (wasp-lang) not included in the pre-defined list of trusted organizations, necessitating a manual review of the hook's contents before execution.- [INDIRECT_PROMPT_INJECTION] (LOW): The skill's core function is to guide the agent on how to interact with Wasp projects, including the use of specific prompts and external documentation. While this is the intended functionality, it creates a surface where the agent's reasoning is steered by external instructions provided in the plugin's documentation and help sections.
Audit Metadata