install-plugin-to-socket
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a developer-focused workflow for local plugin installation and management. It correctly identifies specific local paths for plugin storage and marketplace registration (~/.codex/plugins/ or repo/plugins/).
- [SAFE]: The accompanying Python script (install_plugin_to_socket.py) includes a security check (_path_within_root) using path resolution to ensure that all file operations (copying, deleting, writing) remain within the intended scope, preventing path traversal attacks from malicious plugin metadata.
- [SAFE]: The skill utilizes standard Python libraries (shutil, pathlib) for file management and follows a 'check-only' before 'apply' pattern, which allows the agent to audit the proposed changes before execution.
- [SAFE]: External references are limited to official OpenAI documentation, which is a trusted source.
Audit Metadata