simple-plan
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's core functionality is restricted to natural language interaction and the generation of documentation artifacts within the local project structure. No malicious patterns such as command execution, data exfiltration, or persistence were detected.
- [DATA_EXPOSURE]: The skill reads existing specification files and skims source code to ground its planning process. This is the intended behavior for a documentation agent and is conducted within the local environment without external transmission.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the user and existing project files to populate its templates. While this constitutes an attack surface, the risk is mitigated because the skill only produces Markdown text and does not execute any instructions contained within the ingested data.
- [EXTERNAL_DOWNLOADS]: The skill does not perform any network operations, remote script downloads, or package installations.