performance-goal
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of local shell commands through the 'omx' CLI and user-defined evaluator scripts (e.g., 'npm run perf:startup'). These actions are strictly local and consistent with the workflow's goal of performance benchmarking and validation.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted 'objective' and 'evaluator-contract' strings from the user or project environment.
  - Ingestion points: Arguments passed to 'omx performance-goal create' in SKILL.md.
  - Boundary markers: None present; the agent is instructed to follow the contract strings directly.
  - Capability inventory: Execution of shell commands (evaluator scripts) and goal state manipulation (update_goal/create_goal) as seen in SKILL.md.
  - Sanitization: No specific sanitization or validation of the objective/contract strings is mentioned.
Audit Metadata