goal-tracking
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is susceptible to instructions embedded in external data files which could lead to unauthorized file modifications. Ingestion points: File reads are performed on Goals/0. Three Year Goals.md, Goals/1. Yearly Goals.md, Goals/2. Monthly Goals.md, and Daily Notes/*.md. Boundary markers: None identified; the skill lacks delimiters or instructions to ignore embedded commands within the markdown content. Capability inventory: The skill utilizes the Edit tool for file modification and TaskCreate/TaskUpdate for session state changes, providing a mechanism for malicious instructions to have side effects. Sanitization: No input validation or content sanitization is described for the parsed markdown data before it is used to drive tool calls.
- Data Exposure (LOW): The skill accesses potentially sensitive local files (Daily Notes), which constitutes an exposure risk, though the lack of network tools in the toolset prevents automated exfiltration.
Recommendations
- AI detected serious security threats
Audit Metadata