goal-meta-skill
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a high-level instruction generator. It defines an operating mode that steers agents toward creating structured and verifiable tasks rather than performing arbitrary actions.
- [EXTERNAL_DOWNLOADS]: The documentation references an installation command using
npx skills addwhich targets the author's own repository (bahayonghang/my-claude-code-settings). This is consistent with the skill's distribution model. - [COMMAND_EXECUTION]: A local Python script (
scripts/lint_goal_command.py) is provided to validate the quality and safety of generated goal commands. This script uses standard library regex and file operations. The accompanying test suite (tests/lint-goal-command.test.mjs) executes this script locally using Node.js'sspawnSyncfor quality assurance purposes. - [SAFE]: The skill explicitly incorporates security best practices into its core logic by instructing agents to define "Boundaries" and "Constraints." These sections are designed to prevent the agent from modifying unrelated files, accessing sensitive paths, or pushing code to default branches without authorization.
- [SAFE]: High-risk operations such as those involving credentials, payments, legal/medical/financial decisions, or production data are explicitly listed as "Pause conditions," ensuring human-in-the-loop oversight for sensitive tasks.
Audit Metadata