Plugin Settings
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides utility scripts and hook examples that use standard Unix tools (sed, grep, awk, jq) to parse configuration files. It also demonstrates using tmux send-keys for local inter-process communication between agent sessions, which is a documented feature of the patterns provided.
- [PROMPT_INJECTION]: The skill documents how to feed content from markdown files back into the agent as prompts (e.g., in the 'ralph-wiggum' loop pattern). It explicitly instructs developers to use jq --arg to safely construct JSON payloads, preventing both shell and JSON injection when handling potentially untrusted data.
- [DATA_EXFILTRATION]: No external network operations or data exfiltration patterns were detected. The scripts focus on local project file management and inter-process communication within the user's environment.
- [SAFE]: The skill emphasizes security best practices, including recommending restrictive file permissions (chmod 600), enforcing .gitignore for local settings, and providing explicit examples for validating file paths against traversal attacks.
Audit Metadata