the-goal
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No patterns of instruction override, safety bypass, or role-play injection were detected. The skill uses structured 'Guardrails' to ensure the agent follows the Theory of Constraints methodology, which is a benign instructional use.
- [DATA_EXFILTRATION]: No sensitive file paths, credential markers, or network exfiltration patterns were found. The skill mentions configuration paths for the 'cenno' tool and local draft folders for saving analysis results, which are standard for productivity skills.
- [REMOTE_CODE_EXECUTION]: The skill executes local Python scripts (
scripts/score_constraints.pyandscripts/recommend_rung.py) to process data. These scripts use the Python standard library for JSON parsing and do not download or execute remote code. - [COMMAND_EXECUTION]: The skill provides the agent with specific shell commands to run its internal scripts. These commands use fixed paths and do not involve unsanitized user input in a way that would allow for arbitrary command injection.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests user descriptions of their workflows. This data is processed through deterministic scripts using standard JSON parsing (
json.loads). There is no evidence of unsafe interpolation or exploitation of the agent's context. - [DYNAMIC_EXECUTION]: No evidence of
eval(),exec(), or unsafe deserialization (likepickle) was found. The Python scripts are used for data transformation and ranking only.
Audit Metadata