ceo-personal-os

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection through the automated processing of external user data.
  • Ingestion points: The skill explicitly instructs the agent to read files from the uploads/ directory (e.g., 'When user uploads past reviews to uploads/').
  • Boundary markers: There are no instructions to use delimiters or specific boundary markers to isolate untrusted content from the system prompt.
  • Capability inventory: The agent is authorized to write to the file system (via TodoWrite and creating/appending to files like memory.md and principles.md).
  • Sanitization: The skill lacks any requirement for the agent to sanitize or validate the content of the uploaded files before extracting patterns or appending insights to the system's long-term memory.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:39 AM