goals
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, unauthorized behaviors, or security vulnerabilities were detected. The skill's operations are transparent and aligned with its stated purpose of project health management.
- [COMMAND_EXECUTION]: The skill's primary function involves managing a
checkfield within goal files that contains shell commands. These commands are executed locally via theao goals measureutility to determine if a project goal is passing or failing. This is a core intended feature of the project fitness framework. - [DATA_EXFILTRATION]: The skill analyzes local project metadata, such as retrospectives, learnings, and product documentation, to suggest goal improvements and anti-stars. While it includes an export function (
ao goals export), data is only sent to standard output for user review or CI integration, with no unauthorized external network activity detected. - [PROMPT_INJECTION]: The skill incorporates an indirect prompt injection surface by ingesting untrusted data from various project files to inform its goal generation logic. However, the risk is mitigated by the use of predefined goal templates and the expectation of user review for suggested changes.
- Ingestion points: Reads content from
PRODUCT.md,README.md, and files within the.agents/directory (includingretro/,council/, andlearnings/). - Boundary markers: No explicit delimiters or boundary instructions are used to isolate ingested data from agent instructions.
- Capability inventory: The skill has the ability to execute shell commands via
ao goals measure(running thecheckstrings) and modify project goal files. - Sanitization: There is no evidence of explicit sanitization or validation of the text ingested from project files before it is used to generate suggestions.
Audit Metadata