goap-agent
Warn
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill frequently utilizes shell commands for environment discovery and task execution, such as listing architectural decision records (`ls plans/adr/ADR-*.md`) and running project-specific quality scripts (`./scripts/code-quality.sh`).
- [DYNAMIC_EXECUTION]: The system includes 'meta-agents' like `agent-creator` and `skill-creator` designed to generate new task agents or instruction sets (skills) at runtime. This involves writing new files (`Write`, `Edit` tools) that are subsequently invoked to perform tasks, representing a script-generation-and-execution pattern.
- [INDIRECT_PROMPT_INJECTION]: The skill's core methodology relies on ingesting external data to inform planning decisions.
  - Ingestion points: Reads architectural decision records from `plans/adr/*.md` and explores the codebase using the `Explore` agent.
  - Boundary markers: The instructions do not define clear delimiters or warnings to ignore embedded instructions within the ingested ADRs or code comments.
  - Capability inventory: The agents involved have access to high-privilege tools including `Bash`, `Write`, `Edit`, and the ability to spawn further `Task` or `Skill` processes.
  - Sanitization: There is no evidence of validation or sanitization of the content retrieved from project files before it influences the agent's task decomposition and strategy selection.
- [DATA_EXFILTRATION]: The skill references tools for external synchronization and research, such as `storage-sync` (for Turso/redb) and `web-search-researcher`. While aligned with the stated coordination purpose, these tools facilitate data movement to external services.