ce-ideate
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands such as
mkdirandfindto manage an internal cache in/tmp, andgitcommands to identify the repository context for hashing. These are standard operations for codebase analysis tools provided by this vendor. - [EXTERNAL_DOWNLOADS]: The skill triggers the
ce-web-researchersub-agent to gather external information. This is a documented, integral part of the ideation workflow and is subject to user-provided skip phrases. - [DATA_EXFILTRATION]: The skill reads project metadata such as directory structure and strategy documents to ground its suggestions. Persistence involves writing results to the local
docs/ideation/directory or uploading them to a review service (ce-proof) within the same vendor ecosystem. - [PROMPT_INJECTION]: The skill ingests untrusted user input via the
$ARGUMENTSparameter to guide its ideation process. - Ingestion points: User-supplied arguments are interpolated into the focus hint context in
SKILL.md. - Boundary markers: The arguments are delimited by
<focus_hint>tags for sub-agent processing. - Capability inventory: The skill can write markdown files to the repository and interact with other tools in the
compound-engineeringsuite. - Sanitization: No explicit sanitization is performed on the input.
- Risk Assessment: The risk is minimal as the skill's output is limited to ideation artifacts that undergo multi-agent critique and human review before further action.
Audit Metadata