bridge-plugin
Pass
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
install_all_plugins.pyorchestrates bulk installations by executing thebridge_installer.pyscript viasubprocess.run. The command is constructed as a list, which is a standard safety measure to prevent shell injection vulnerabilities. - [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by ingesting logic from external plugin files and incorporating them into agent system instruction files (e.g.,
CLAUDE.md,.github/copilot-instructions.md). - Ingestion points: Markdown files and TOML files located within the
plugins/directory. - Boundary markers: The installer wraps injected content in
<!-- BEGIN/END RULES FROM PLUGIN -->markers for management and idempotency. - Capability inventory: The skill has access to file system read/write operations and the ability to execute sibling Python scripts.
- Sanitization: Content is transformed for target environment compatibility (e.g., actor name swapping) but is not otherwise sanitized for malicious content prior to being written into agent configuration files.
Audit Metadata