kpi-target-setting
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security threats such as prompt injection, obfuscation, or remote code execution were found. The skill is designed for organizational goal-setting and uses standard markdown templates.
- [DATA_EXPOSURE]: The skill attempts to load context from
../../CLAUDE.md. This is a standard pattern for retrieving project-level configuration and environment-specific instructions and does not indicate unauthorized data harvesting. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: Data for historical benchmarks and industry standards is input into the analysis templates in
SKILL.md. - Boundary markers: Uses markdown tables and structured checklists to organize data, though it does not explicitly define 'ignore' boundaries for untrusted input.
- Capability inventory: The skill possesses no capabilities for command execution, file system modification, or network requests.
- Sanitization: There is no mention of input sanitization, but the lack of executable capabilities makes this a negligible risk.
Audit Metadata