analyze-plugin
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a meta-utility for analyzing other plugins. It uses a structured 6-phase framework (Inventory, Structure, Content, Patterns, Security, Synthesis) to evaluate third-party code. No malicious patterns were detected in the skill's own instructions or supporting reference files.
- [COMMAND_EXECUTION]: The skill uses standard system commands (
ls,grep,jq) for its 'Phase 0' compliance check. These are restricted to the local directory context of the plugin being analyzed and are used for legitimate security and structure validation. - [EXTERNAL_DOWNLOADS]: The skill references an internal script
inventory_plugin.pyfor file enumeration. While it provides instructions for manual fallback, it does not attempt to download external payloads or execute remote code from untrusted sources. - [DATA_EXFILTRATION]: No evidence of data exfiltration. The skill processes local files and generates analysis reports locally. It does not contain hardcoded credentials or network-connected tools (beyond the
allowed-toolsconfiguration which is scoped by the platform). - [PROMPT_INJECTION]: The skill contains comprehensive documentation on how to detect prompt injection and context poisoning in other plugins (found in
references/security-checks.md), but it does not contain injection attacks itself.
Audit Metadata