Analyzed: March 31, 2026 leak snapshot

Plugin directory model

The header comment in src/utils/plugins/pluginLoader.ts documents the expected plugin structure:
  • plugin.json
  • commands/
  • agents/
  • hooks/
The loader also supports marketplaces, session-only plugins, and versioned cache paths.

Discovery and precedence

The same header comment describes discovery precedence:
  1. marketplace-based plugins
  2. session-only plugin directories
The broader plugin system also includes built-in plugins and plugin-provided skills via loadPluginCommands.ts.

Caching and versioning

The loader creates versioned cache paths under the plugins directory and can also probe seed caches. It supports both directory caches and zip-cache variants. This is a sophisticated installation system rather than a naive “clone into folder” flow.

Commands and skills from plugins

src/utils/plugins/loadPluginCommands.ts turns plugin markdown into command objects. It supports:
  • namespace derivation from directory layout
  • SKILL.md handling
  • frontmatter parsing
  • argument substitution
  • plugin variable substitution
  • model and effort overrides

Security-relevant behavior

Plugin loading includes:
  • source allow/block checks
  • duplicate detection
  • validation of manifest and hooks config
  • path validation to stay inside intended bases
That is important because plugins can expose commands, skills, and hooks with substantial runtime power.