plausible-insights
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill performs legitimate API calls to plausible.io to fetch analytics data as documented in
lib/client/plausible.ts. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill's architecture for processing external data creates a potential injection surface. 1. Ingestion points: External analytics data from the Plausible API (
lib/client/plausible.ts) and web page content fetched via sub-agent prompts as instructed inrecipes/comprehensive-audit.json. 2. Boundary markers: Absent. There are no clear delimiters or instructions for the agent to disregard instructions within the data it analyzes. 3. Capability inventory: Network operations (fetch), local file writing for caching (lib/utils/cache.ts), and CLI execution viabunortsx. 4. Sanitization: Structural Zod validation is applied to API responses, but no semantic sanitization is performed on external content analyzed by the agent. - [DATA_EXPOSURE] (SAFE): The skill accesses the file system to maintain a cache at
~/.cache/plausible-cliand a log at~/.plausible-agent.log. These are restricted to the user's home directory and serve standard operational roles. - [PROMPT_INJECTION] (SAFE): Instructions in
SKILL.mdand prompts in therecipes/directory are benign and strictly follow the skill's stated SEO consultancy purpose.
Audit Metadata