Plugin Structure
Pass
Audited by Gen Agent Trust Hub on Jun 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely instructional and documentation-based, providing templates and examples for building Claude Code plugins. No malicious patterns such as prompt injection, data exfiltration, or unauthorized command execution were detected.
- [COMMAND_EXECUTION]: The examples provided (e.g., standard-plugin.md) correctly demonstrate the use of development tools like 'git', 'eslint', and 'pylint' within shell scripts for validation and quality control. These are standard practices in plugin development and do not pose a security risk in this context.
- [CREDENTIALS_UNSAFE]: The documentation correctly identifies and recommends using environment variables (e.g., '${API_KEY}', '${GITHUB_TOKEN}') for managing sensitive information, which is the recommended best practice for plugin development.
- [EXTERNAL_DOWNLOADS]: The skill mentions standard development packages such as 'eslint' and 'pylint' in its examples. These are well-known, trusted tools used for code linting and static analysis.
Audit Metadata