setting-okrs-goals
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to bypass safety filters or override system constraints were detected. The instructions focus entirely on the domain of OKR generation.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network exfiltration patterns were found. The skill operates on user-provided business context.
- Obfuscation (SAFE): No Base64, zero-width characters, or homoglyphs were detected across any of the 10 files.
- Unverifiable Dependencies & RCE (SAFE): The skill does not include any package installation commands (npm/pip) or remote script execution (curl|bash). It is purely instructional markdown.
- Privilege Escalation (SAFE): No commands requesting administrative privileges or modifying system configurations were found.
- Persistence Mechanisms (SAFE): No attempts to create startup tasks, cron jobs, or modify shell profiles were detected.
- Indirect Prompt Injection (LOW): The skill ingests user-provided text to generate OKRs. While this is an ingestion surface, the lack of dangerous capabilities (like executing commands or making network requests based on that data) makes the risk negligible.
- Dynamic Execution (SAFE): The skill does not generate or compile code at runtime.
Audit Metadata