main
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes local verification and initialization scripts (e.g.,
check-deps.sh,check-zotero.sh,init-writing-dir.sh) located within the plugin's root directory. These are internal tools used for environment verification and project setup. - [CREDENTIALS_UNSAFE]: References Zotero API credentials and library IDs; however, it correctly implements security best practices by verifying their presence in environment variables or local
.envfiles rather than hardcoding them. - [EXTERNAL_DOWNLOADS]: Recommends the installation of the
pyyamlpackage from the standard Python Package Index (PyPI) to handle configuration parsing. - [PROMPT_INJECTION]: Ingests data from local project files and git diffs to restore session state.
- Ingestion points:
.writing/progress.md,.writing/findings.md,.writing/metadata.yaml, andgit diffoutput. - Boundary markers: Absent.
- Capability inventory: Execution of local shell scripts and invocation of domain-specific sub-skills.
- Sanitization: Absent. This ingestion is a functional requirement for context recovery and constitutes a low-risk surface.
Audit Metadata