goal-manager
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The workflow directs the agent to utilize a script located at
scripts/checkpoint.shfor appending dated notes and decisions to the project ledger. - [PROMPT_INJECTION]: The skill processes persistent data from
ledger/current.mdto guide agent actions during task resumption, creating an indirect prompt injection surface. 1. Ingestion points: The agent reads fromledger/current.mdinSKILL.md(Step 5) to determine the current goal and state. 2. Boundary markers: Absent. There are no instructions to use delimiters or ignore embedded instructions when reading the ledger content. 3. Capability inventory: The skill can execute shell commands (scripts/checkpoint.sh) and write to the file system (ledger/current.md). 4. Sanitization: Absent. No validation or filtering is performed on the data read from the ledger file before it is incorporated into the agent's context.
Audit Metadata