goal-design
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns such as obfuscation, credential harvesting, or direct prompt injection were detected in the skill instructions.
- [SAFE]: Indirect Prompt Injection Surface. The skill is designed to ingest external data (like tickets or issue descriptions) and restructure them into a detailed prompt template for an autonomous agent. While this pattern creates a surface for indirect prompt injection, it is the primary purpose of the skill.
- Ingestion points: The skill accepts user-supplied task descriptions, tickets, or issues via the
argument-hintfield inSKILL.md. - Boundary markers: The provided templates do not utilize specific delimiters (e.g., XML tags) or safety instructions to separate untrusted user input from the surrounding prompt logic.
- Capability inventory: The generated goal prompts suggest capabilities including shell command execution (tests, linting, building), file system modifications, and Git operations (creating branches, pushing code, opening PRs).
- Sanitization: The skill does not perform any visible sanitization or validation of the input data before incorporating it into the final prompt output.
- [SAFE]: The skill uses the
!command`` syntax (Dynamic Context Injection) in a purely illustrative way within its own documentation or does not use it at all; no dangerous silent execution was found.
Audit Metadata