setting-okrs-goals
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user data such as strategy anchors and business goals to generate OKR packs. This creates a surface for indirect prompt injection where malicious input could attempt to influence the agent's behavior. However, this risk is mitigated by the agent's safety protocols and the specific, guided nature of the intake process.\n
- Ingestion points: User-provided strategy anchors, North Star metrics, and context defined in SKILL.md and README.md.\n
- Boundary markers: Absent; user data is interpolated directly into the context of the goal-setting workflow.\n
- Capability inventory: Text generation and file writing to user-specified directories as described in README.md.\n
- Sanitization: None; the skill relies on the agent's internal filtering for safety.\n- [SAFE]: No malicious patterns such as credential harvesting, unauthorized network calls, or persistence mechanisms were found. The skill's metadata and external links are consistent with its stated purpose and origin.
Audit Metadata