goal
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script `scripts/claude_goal.py` to manage goal persistence, state transitions (active, paused, complete), and time/token accounting.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing user-supplied objectives that are then injected into the agent's context as task instructions.
  - Ingestion points: User-provided goal descriptions are passed via the `$ARGUMENTS` variable in `SKILL.md` to the `invoke` command.
  - Boundary markers: The objective content is explicitly wrapped in `<objective>` tags within the instructions returned to the agent in `scripts/claude_goal.py`.
  - Capability inventory: The skill allows the agent to interact with a local SQLite database and can influence the agent's loop via a 'Stop' hook (decision: block) to ensure goals are pursued until completion.
  - Sanitization: While the skill validates the length of the objective, it does not sanitize content for prompt injection markers; however, it explicitly instructs the agent to treat the objective as 'task context' and to ignore instructions that conflict with higher-level constraints.
Audit Metadata