goudi
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill consists of markdown instructions, an output template, and configuration files for project management workflows without any active code components.
- [PROMPT_INJECTION]: The instructions do not contain any patterns designed to bypass agent safety filters or override system instructions. The 'goudi' persona is focused on feasibility analysis and scope control.
- [DATA_EXFILTRATION]: No network operations, credential harvesting, or access to sensitive file paths (e.g., .ssh, .env, .aws) were detected in any of the files.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute external scripts. It explicitly instructs the agent not to write code or modify files as part of its grounding judgment process.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes user-supplied proposals (untrusted data), the use of a structured output template and the lack of automated file-system or network capabilities significantly limit the attack surface for indirect injection.
Audit Metadata