setting-okrs-goals
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW, NO_CODE
Full Analysis
- [Prompt Injection] (SAFE): No patterns detected that attempt to override system instructions, bypass safety filters, or extract system prompts. The instructions are focused entirely on OKR frameworks.
- [Data Exposure & Exfiltration] (SAFE): No commands or paths targeting sensitive files (~/.ssh, .env, etc.). No network operations (curl, wget) are present.
- [Obfuscation] (SAFE): No Base64, zero-width characters, homoglyphs, or encoded strings were found.
- [Unverifiable Dependencies] (SAFE): The skill does not define any Python or Node.js packages and does not download external scripts.
- [Privilege Escalation] (SAFE): No administrative commands (sudo) or permission changes (chmod) are requested.
- [Persistence Mechanisms] (SAFE): No attempts to modify shell profiles, cron jobs, or startup services.
- [Metadata Poisoning] (SAFE): Skill metadata (name, description) is accurate and contains no hidden instructions.
- [Indirect Prompt Injection] (INFO): While the skill processes user-provided goals and strategies, it lacks any high-privilege capabilities such as file writing, network access, or command execution. This limits the impact of potential malicious content in user-provided goals to the agent's reasoning within the conversation only.
- [Time-Delayed / Conditional Attacks] (SAFE): No logic exists to trigger behavior based on dates, times, or environmental conditions.
- [Dynamic Execution] (SAFE): No use of eval(), exec(), or unsafe deserialization. The skill contains no code logic.