create-lang-plugin

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides code snippets for executing external CLI tools using Node.js execFileSync and spawnSync functions, which can run arbitrary system commands if misconfigured.
  • [PROMPT_INJECTION]: The skill documents an architecture for injecting data into every agent prompt via a context field, creating an indirect prompt injection surface.
      • Ingestion points: The fileContent parameter in the lsp.check example receives untrusted data from the agent context.
      • Boundary markers: The provided templates do not include delimiters or instructions for the agent to ignore embedded commands in the injected content.
      • Capability inventory: The skill body contains examples of execFileSync, spawnSync, fs.writeFileSync, and http.request.
      • Sanitization: No sanitization or escaping of external content is present in the provided code examples.
  • [REMOTE_CODE_EXECUTION]: The skill includes a pattern described as "HTTP eval against a running server" using http.request to fetch and process data from local network services.
Audit Metadata
Risk Level: SAFE
Analyzed: May 17, 2026, 10:31 AM
Security Audit — agent-trust-hub — create-lang-plugin