plugin-search-and-use

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE (flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to manually execute shell commands defined in external configuration files (hooks.json), such as npm run lint. This creates a vector for executing arbitrary code if a plugin's configuration is malicious.
  • [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by design. It is instructed to read external SKILL.md files and inject their content directly into the conversation logic.
  • Ingestion points: Local filesystem paths targeting .claude-plugin/plugin.json and skills/*/SKILL.md files within the provided plugin library directory.
  • Boundary markers: None. The skill does not define delimiters or provide instructions to the agent to treat the loaded content as untrusted data.
  • Capability inventory: The agent is granted the ability to read local files, scan directories, and execute commands derived from the loaded plugins.
  • Sanitization: No validation or sanitization of the external Markdown content or hook commands is mentioned.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 02:22 PM