okr-management

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is configured to execute its main logic through a local Python script (run.py) using the bash shell tool.
  • [DATA_EXFILTRATION]: The update function in run.py is vulnerable to path traversal. It constructs a file path by joining a base directory with a user-provided filename without validation, which allows for unauthorized reading and partial modification of files on the system if absolute paths or traversal sequences are provided.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it stores unvalidated user input in Markdown files that the agent is intended to read and process.
  • Ingestion points: Raw user input from 'objective', 'key_results', and 'notes' fields is collected during OKR creation and updates.
  • Boundary markers: The generated Markdown files do not use delimiters or instructions to prevent the agent from interpreting stored content as instructions.
  • Capability inventory: The skill has the ability to read and write files using the pathlib.Path module.
  • Sanitization: No sanitization or escaping is performed on user content before it is written to the file system.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 1, 2026, 12:36 AM