goudi

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected. The skill consists of markdown instructions, an output template, and configuration files for project management workflows without any active code components.
  • [PROMPT_INJECTION]: The instructions do not contain any patterns designed to bypass agent safety filters or override system instructions. The 'goudi' persona is focused on feasibility analysis and scope control.
  • [DATA_EXFILTRATION]: No network operations, credential harvesting, or access to sensitive file paths (e.g., .ssh, .env, .aws) were detected in any of the files.
  • [REMOTE_CODE_EXECUTION]: The skill does not download or execute external scripts. It explicitly instructs the agent not to write code or modify files as part of its grounding judgment process.
  • [INDIRECT_PROMPT_INJECTION]: While the skill processes user-supplied proposals (untrusted data), the use of a structured output template and the lack of automated file-system or network capabilities significantly limit the attack surface for indirect injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:18 AM
Security Audit — agent-trust-hub — goudi