goal-manager

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The workflow directs the agent to utilize a script located at scripts/checkpoint.sh for appending dated notes and decisions to the project ledger.
  • [PROMPT_INJECTION]: The skill processes persistent data from ledger/current.md to guide agent actions during task resumption, creating an indirect prompt injection surface. 1. Ingestion points: The agent reads from ledger/current.md in SKILL.md (Step 5) to determine the current goal and state. 2. Boundary markers: Absent. There are no instructions to use delimiters or ignore embedded instructions when reading the ledger content. 3. Capability inventory: The skill can execute shell commands (scripts/checkpoint.sh) and write to the file system (ledger/current.md). 4. Sanitization: Absent. No validation or filtering is performed on the data read from the ledger file before it is incorporated into the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 11:35 AM
Security Audit — agent-trust-hub — goal-manager