goap-agent
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates extensive use of system-level tools and shell commands for development and testing tasks. Evidence: agents.md identifies Bash, Read, Write, and Edit as primary tools for feature-implementer, debugger, and other task agents. Evidence: patterns.md and examples.md include execution of local scripts (e.g., ./scripts/code-quality.sh) and build tools (e.g., cargo nextest).
- [EXTERNAL_DOWNLOADS]: The orchestration workflow involves retrieving content from external sources. Evidence: skills.md and methodology.md reference the web-doc-resolver skill for researching documentation and best practices during the initial analysis phase.
- [PROMPT_INJECTION]: The skill architecture is susceptible to indirect prompt injection due to the integration of untrusted external data into high-privilege execution plans. Ingestion points: Research phase utilizing web-doc-resolver to fetch external web content (patterns.md, skills.md). Boundary markers: Absent. The instructions do not define clear delimiters or safety prompts to prevent the agent from following instructions embedded in research data. Capability inventory: Agents have access to destructive and powerful tools including Bash, Write, and Edit on the local filesystem (agents.md). Sanitization: Absent. There is no mention of validating or filtering content retrieved from the web before it influences the plan decomposition and assignment.