Security risk report for @forgecat/anthropics_claude-plugins-official_example-plugin v0.0.3
Source Integrity
Low
Profile is sourced from Anthropic's official claude-plugins-official repository (https://github.com/anthropics/claude-plugins-official), a trusted first-party source.
Metadata clearly attributes origin and includes commit hash (7e401ed) for auditability; Apache-2.0 license is standard and legitimate.
Agent Intent
Low
Content is purely educational and demonstrative—it documents plugin structure, skill formats, and frontmatter options without instructing the agent to perform any malicious actions.
No prompt injection, role hijacking, credential exfiltration, system prompt leakage, or guidance poisoning detected; the profile teaches best practices for skill development.
References to tools (Read, Glob, Grep, Bash) are used as examples in documentation, not as instructions to execute or hide behavior.
Details
Evidence
README.md: 'A comprehensive example plugin demonstrating all Claude Code extension options' — describes, does not instruct.
skills/example-skill/SKILL.md: 'This skill demonstrates the structure and format for Claude Code plugin skills' — educational reference material.
Allowed tools (Read, Glob, Grep, Bash) are scoped to example commands and skills; each tool is appropriate for its stated purpose (parsing arguments, file inspection, command execution).
No alwaysApply=true rules or glob='**' patterns that would grant unrestricted authority; permissions are minimal and match the example/template nature of the profile.
No file_write, file_delete, or other high-risk mutations declared; Bash is used only in example context, not as a default or hidden capability.
Details
Evidence
skills/example-command/SKILL.md: 'allowed-tools: [Read, Glob, Grep, Bash]' — scoped to a single example command.
No global hooks or agents with excessive authority; all skills are contextual and user-invoked.
MCP Risk
MCP-000Medium
An MCP server is configured pointing to an external HTTP endpoint (`https://mcp.example.com/api`), which is a placeholder/example URL but still represents an external network call.
The domain `mcp.example.com` is a generic example domain and not a known-safe, verified MCP provider; in a real deployment this URL would need to be replaced with a trusted endpoint.
No hidden instructions or suspicious tool descriptions are present in the MCP definition, but the external HTTP type with an unverified host warrants caution.