seed-install
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill is designed to clone external Git repositories from user-provided URLs and execute shell command blocks defined within their SEED.md files.
- [COMMAND_EXECUTION]: The skill implements an 'unattended' execution model called a 'Display Gate.' While it displays the full content of every shell block and provides a one-line summary before execution, it does not require individual user confirmation for each block.
- [DATA_EXFILTRATION]: Upon completion, the skill offers to upload an 'install-report.json' to the vendor's backend (seeds.plow.co). This report contains system telemetry (OS version, hardware model, platform) and agent identity metadata. This action is transparent and requires explicit user consent (y/N) for each run.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it 'best-effort infers' installation requirements from natural language prose in external, potentially untrusted SEED.md files.
- [SAFE]: The skill implements significant safety measures, including a TTY guard in its prepare-script to prevent automated secret harvesting, symlink-safe file writing using atomic renames, and a strict policy of never collecting secrets within the agent conversation.
Audit Metadata