plugin-creator
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides educational content and a scaffolding utility for plugin development, following platform-specific best practices.
- [COMMAND_EXECUTION]: The skill includes a local Python script (
scripts/scaffold-plugin.py) used for scaffolding plugin directories. The script validates input using a kebab-case regex for plugin names and employs safe filesystem APIs (pathlib) to create directories and files based on static templates. It does not execute arbitrary shell commands or unsanitized user input. - [DATA_EXFILTRATION]: No network operations or sensitive data access patterns were identified. Technical references correctly use environment variable placeholders (e.g.,
${API_KEY},${TOKEN}) for sensitive configurations, which is a standard security practice. - [PROMPT_INJECTION]: Instructions are strictly focused on guiding the user through the plugin creation process and do not contain attempts to override agent safety protocols or bypass constraints.
Audit Metadata