plausible
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill communicates with plausible.io, which is recognized as a well-known and legitimate technology service. Access tokens (PLAUSIBLE_TOKEN) are managed using the platform's native secret management system (vm0_secrets), adhering to security best practices for credential handling.
- [COMMAND_EXECUTION]: The skill uses curl to interact with the Plausible API. The commands are structured to use temporary files for JSON payloads, which reduces the risk of shell injection compared to direct parameter interpolation.
- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection because it processes untrusted data from external API responses.
- Ingestion points: The agent processes data returned from the Plausible API endpoints (e.g., site statistics, goal lists) as described in SKILL.md.
- Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore embedded commands within the API data.
- Capability inventory: The skill allows the agent to perform read, create, and delete operations on analytics sites and goals via curl.
- Sanitization: No validation or sanitization logic is present to filter or escape the content of API responses before they are integrated into the agent's context.
Audit Metadata