plane-api
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or security vulnerabilities were detected. The skill operates within its stated purpose of managing Plane work items.
- [DATA_EXFILTRATION]: Network communication is performed using the urllib library and is restricted to the user-defined PLANE_API_URL. API keys are handled securely via environment variables.
- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection via the work item fields title and description. Ingestion points: title and description fields in SKILL.md. Boundary markers: None. Capability inventory: urllib network access in plane.py. Sanitization: None. The risk is assessed as safe given the tool's role as a data relay.
Audit Metadata