goal-tracker
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
openclawCLI to configure scheduled tasks (cron jobs) for recurring goal reviews. While these are intended for the skill's primary accountability features, they utilize the agent's ability to execute platform-level commands and establish persistence.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes goal data from user-managed Markdown files (goals/GOALS.md) without validation or boundary markers.\n - Ingestion points: Local Markdown files (
goals/GOALS.md,goals/ANNUAL-GOALS.md) and natural language user input.\n - Boundary markers: No delimiters or protective instructions are used when reading stored goal content.\n
- Capability inventory: The agent can perform directory and file operations (
mkdir, read/write) and execute platform-specific scheduling commands (openclaw).\n - Sanitization: There is no evidence of filtering or sanitizing the content within the goal files before processing.
Audit Metadata