a0-review-plugin
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches a community plugin index from the vendor's official GitHub repository (
https://github.com/agent0ai/a0-plugins/releases/download/generated-index/index.json) to perform duplicate detection. This is an expected operation for an audit tool using vendor-provided resources. - [COMMAND_EXECUTION]: Instructs the agent to analyze plugin scripts (
hooks.py,execute.py) for specific patterns such as subprocess calls and package installations to verify they follow secure development practices. - [PROMPT_INJECTION]: As a review tool, the skill processes third-party plugin code, which inherently presents a surface for indirect prompt injection. This risk is minimized by the skill's analytical use case.
- Ingestion points: Plugin source files (YAML, Python, HTML/JS) located in
usr/plugins/. - Boundary markers: Not explicitly specified in the audit instructions to isolate reviewed content from the agent's logic.
- Capability inventory: The skill has file system access for reading plugin contents and network access for fetching the community index.
- Sanitization: The skill analyzes code for specific patterns and reports findings without executing the untrusted code it reviews.
Audit Metadata