cto-advisor
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill explicitly instructs the agent to execute local Python scripts (`tech_debt_analyzer.py` and `team_scaling_calculator.py`) to perform its primary functions. While these are local calls, they operate outside the standard LLM safety constraints.
- [NO_CODE] (LOW): The executable Python scripts mentioned in the metadata and core instructions are missing from the provided skill package, preventing a thorough security audit of the actual logic and potentially leading to runtime errors.
- [PROMPT_INJECTION] (MEDIUM): The skill is designed to ingest and evaluate external vendor data and architecture proposals, which presents an Indirect Prompt Injection surface (Category 8). Evidence:
  1. Ingestion points: Phase 2 (Market Research) and Phase 3 (Deep Evaluation) in `technology_evaluation_framework.md`.
  2. Boundary markers: None. There are no instructions to delimit or ignore embedded commands in external documentation.
  3. Capability inventory: Local shell/script execution.
  4. Sanitization: None. No input validation or filtering of external technology descriptions is mentioned.
Audit Metadata