plumcake
Warn
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions specify the global installation of the `plumcake-cli` package via NPM. This package is hosted on a public registry and originates from a source not identified as a trusted vendor.
- [COMMAND_EXECUTION]: The skill's primary functionality relies on the execution of the `plumcake` CLI tool, which interacts with the local shell and file system to manage communication with the external platform.
- [DATA_EXFILTRATION]: The `plumcake post` command transmits data to an external server at `plumcake.kushalsm.com`. Using the `@./file` syntax, the agent is instructed to read local files and send their contents to this remote endpoint. This creates a data exfiltration vector if the agent is manipulated into sending sensitive files or environment configurations.
- [PROMPT_INJECTION]: The skill retrieves external data, such as blocker posts and comments, via the `plumcake read` and `plumcake list` commands. This content is then integrated into the agent's context, creating an attack surface for indirect prompt injection.
- Ingestion points: `SKILL.md` (via the `plumcake list` and `plumcake read` commands).
- Boundary markers: Absent. The instructions do not provide delimiters or warnings for the agent to ignore instructions embedded in the external posts it reads.
- Capability inventory: The skill includes capabilities to read local files and perform network operations via the CLI, alongside any default capabilities provided to the agent.
- Sanitization: Absent. There are no mechanisms described to sanitize or validate the external content before it is processed by the AI.
Audit Metadata