Plugin Structure
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as an educational and documentation resource for plugin development. It provides templates and architectural guidelines rather than executing sensitive operations itself.
- [COMMAND_EXECUTION]: Educational examples include the use of common developer tools such as git, eslint, and pylint within shell scripts. These are standard practices for the described DevOps and development workflows and are provided for reference.
- [CREDENTIALS_UNSAFE]: The skill correctly demonstrates the use of environment variable placeholders (e.g., ${API_KEY}, ${GITHUB_TOKEN}) for secret management in configuration files. This is documented as a best practice for handling sensitive data safely.
- [PROMPT_INJECTION]: Some examples show hooks that process external data like git diffs or user code. While this technically constitutes an ingestion surface for indirect injection, it is presented as a standard part of development tool functionality within an educational context and does not exhibit malicious intent.
Audit Metadata