bridge-plugin

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses and modifies sensitive agent configuration directories, including .agent/, .claude/, .gemini/, and .github/. It also interacts with the user's home directory (~/.agents/) to manage global lock files and environment-specific configurations. Access to and merging of .mcp.json files could expose configuration secrets or API keys.
  • [COMMAND_EXECUTION]: The skill executes shell commands and Python scripts (bridge_installer.py, install_all_plugins.py) to manage file symlinking and deployment. It includes instructions for destructive operations such as rm -rf .agents/ and npx skills remove --all -y to clean up the environment.
  • [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by design. It ingests 'rules' and 'commands' from the plugins/ directory and injects them into agent system instruction files (e.g., CLAUDE.md, .github/copilot-instructions.md).
      • Ingestion points: Plugin component folders located in plugins/*/rules/ and plugins/*/commands/.
      • Boundary markers: Employs <!-- BEGIN RULES --> tags for organizing injected content.
      • Capability inventory: Uses the Write tool to modify agent context files and the Bash tool to run installation scripts.
      • Sanitization: There is no evidence of validation or sanitization of the ingested content before it is promoted to the agent's system-level context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 30, 2026, 05:33 PM