goal-meta-skill

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates as a high-level instruction generator. It defines an operating mode that steers agents toward creating structured and verifiable tasks rather than performing arbitrary actions.
  • [EXTERNAL_DOWNLOADS]: The documentation references an installation command using npx skills add which targets the author's own repository (bahayonghang/my-claude-code-settings). This is consistent with the skill's distribution model.
  • [COMMAND_EXECUTION]: A local Python script (scripts/lint_goal_command.py) is provided to validate the quality and safety of generated goal commands. This script uses standard library regex and file operations. The accompanying test suite (tests/lint-goal-command.test.mjs) executes this script locally using Node.js's spawnSync for quality assurance purposes.
  • [SAFE]: The skill explicitly incorporates security best practices into its core logic by instructing agents to define "Boundaries" and "Constraints." These sections are designed to prevent the agent from modifying unrelated files, accessing sensitive paths, or pushing code to default branches without authorization.
  • [SAFE]: High-risk operations such as those involving credentials, payments, legal/medical/financial decisions, or production data are explicitly listed as "Pause conditions," ensuring human-in-the-loop oversight for sensitive tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:18 AM
Security Audit — agent-trust-hub — goal-meta-skill