Security audit
Skill Auto-Injection
Security checks across malware telemetry and agentic risk
Overview
This plugin is purpose-aligned but needs review because it can automatically read prompts, scan local skills, send prompt text to a configurable model endpoint, and inject matched skill text into the agent context.
Install only if you are comfortable granting a community plugin access to conversation prompts and permission to modify the agent prompt. Keep the model endpoint local and trusted, remove broad trigger phrases or add an allowlist, avoid entering secrets while it is enabled, and check logs because skipped prompts may be recorded verbatim.
VirusTotal
66/66 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
