Back to plugin

Security audit

Skill Auto-Injection

Security checks across malware telemetry and agentic risk

Overview

This plugin is purpose-aligned but needs review because it can automatically read prompts, scan local skills, send prompt text to a configurable model endpoint, and inject matched skill text into the agent context.

Install only if you are comfortable granting a community plugin access to conversation prompts and permission to modify the agent prompt. Keep the model endpoint local and trusted, remove broad trigger phrases or add an allowlist, avoid entering secrets while it is enabled, and check logs because skipped prompts may be recorded verbatim.

VirusTotal

66/66 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.