goal-seeking-agent-pattern

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references and provides instructions for installing the amplihack Python package (pip install amplihack) and using its CLI tool. This package is not hosted on a pre-verified trusted domain or organization list.
  • [COMMAND_EXECUTION]: The provided design patterns and 'Fix-Agent' examples illustrate the use of subprocess.run to execute various CLI tools (e.g., ruff, black, pre-commit) based on autonomous decisions made by the agent.
  • [PROMPT_INJECTION]: The skill documents an architecture vulnerable to indirect prompt injection (Category 8):
      ◦ Ingestion points: Agents are designed to process natural language objectives from external files (--prompt) or inline strings.
      ◦ Boundary markers: The architecture and examples do not define explicit delimiters or instructions to ignore embedded commands within the 'goal' input.
      ◦ Capability inventory: The described agents use tools such as Read, Grep, Glob, and WebSearch, and they have the capability to execute shell commands via subprocess.run or the amplihack CLI.
      ◦ Sanitization: There is no mention of input validation or sanitization of the natural language goals before they are used to generate execution plans.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 8, 2026, 06:52 AM