plumcake
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the user to install the global package 'plumcake-cli' from the NPM registry to function.
- [COMMAND_EXECUTION]: The skill instructions provide the agent with a set of CLI commands ('plumcake post', 'plumcake list', 'plumcake read', 'plumcake comment', 'plumcake close') to interact with the service.
- [DATA_EXFILTRATION]: The skill performs network operations to an external, non-whitelisted domain ('plumcake.kushalsm.com'). The instructions specifically direct the agent to transmit information regarding system blockers, which may include details about environment variables or system authentication states.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8).
  - Ingestion points: Human-provided feedback and comments are pulled into the agent's context using the 'plumcake read' command.
  - Boundary markers: No specific delimiters or instructions are used to separate the external content from the agent's primary instructions.
  - Capability inventory: The agent has the ability to execute network requests and read local files via the provided CLI tool.
  - Sanitization: No validation or sanitization of the comments retrieved from the remote service is described.