goals-graph
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill directs the agent to translate natural language into bash commands executed via a local Python script (goals_query.py). While this is the intended functionality, it relies on the agent's ability to safely construct shell commands.
  - Evidence: SKILL.md contains explicit instructions: 'Run all commands from that directory... Execute — Run commands via bash'.
- [PROMPT_INJECTION] (LOW): The skill possesses an indirect prompt injection surface because it processes untrusted natural language from the user and integrates with a knowledge vault that may contain third-party content.
  - Ingestion points: Natural language input from the user ('Lee') and local files within the Obsidian vault and SQLite database (referenced in references/cli-reference.md).
  - Boundary markers: Absent. The instructions do not provide delimiters for user-provided strings or warnings to ignore instructions embedded within the knowledge base files.
  - Capability inventory: The agent has the capability to execute shell commands (bash), modify a SQLite database, and interact with the local file system (Obsidian vault).
  - Sanitization: Absent. The skill instructions do not specify any escaping or validation logic for user-provided text when constructing CLI arguments.
Audit Metadata