plugin-search
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The `scripts/search_plugins.py` script retrieves marketplace metadata and repository information from GitHub's API. These network operations target a well-known service and are essential for the skill's functionality to provide up-to-date search results.
- [COMMAND_EXECUTION]: Subprocess calls to `curl` are used for data retrieval. These calls use list-based arguments with `subprocess.run`, which is a secure pattern that prevents shell injection vulnerabilities.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests and displays third-party plugin descriptions. This data enters the agent's context and could contain instructions designed to mislead the AI.
  - Ingestion points: Third-party metadata is fetched from various repositories listed in `scripts/marketplaces.json` and processed by the search script.
  - Boundary markers: No explicit delimiters or instructions are used to distinguish third-party metadata from authoritative skill instructions.
  - Capability inventory: The skill provides search and metadata retrieval, while the host agent environment likely possesses broader capabilities such as file system access.
  - Sanitization: The script performs JSON validation but does not sanitize or filter the natural language content within the plugin descriptions.
Audit Metadata