simple-plan
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is strictly limited to planning and documentation tasks. Core instructions explicitly state "Do not implement code while this skill is active" and "Do not silently switch from planning to implementation."
- [SAFE]: No network access, sensitive file exposure, or unauthorized command execution patterns were detected. The skill's file system interaction is restricted to reading relevant project context and writing markdown plans to paths confirmed by the user.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it reads repository files to generate plans.
- Ingestion points: Context exploration (Step 2) reads files, structure, and dependencies from the user's repository.
- Boundary markers: The instructions do not specify the use of delimiters or ignore-instructions for the external data being processed.
- Capability inventory: The skill's capabilities are limited to reading repository information and writing implementation plans in markdown format.
- Sanitization: No explicit sanitization of input content from repository files is implemented.
- [SAFE]: Metadata and source references point to the vendor's own repository (singh-gur), which is consistent with legitimate developer practices for this skill author.
Audit Metadata