Should Doulevo plugins execute code during commands like "doulevo create"?

[ashleydavis]

It might possible to have richer plugin creation/configuration if we execute code from plugins. For example dynamically creating files a new project during the project creation process.

The problem is that executing code in a plugin presents a serious security problem!

We could possibly reduce the risk by only allowing code to be executed from official plugins.

[ashleydavis]

I do think it's useful for plugins to run code.

For example the init command could make use of this to allow plugins to detect the project type.

However, only code from official plugins should be run automatically.

Code from non-official repos or local paths should check with the user first before running code. E.g. asking the user "do you trust this plugin?"