ceo-personal-os
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Category: PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests and processes user-provided documents from an 'uploads' directory to extract patterns and update a 'memory.md' file. This behavior creates a vulnerability surface where instructions embedded in processed data could potentially influence the agent's behavior.
  - Ingestion points: User-uploaded documents located in the 'uploads/' directory.
  - Boundary markers: Absent; the skill does not specify the use of delimiters or 'ignore instructions' warnings for the ingested content.
  - Capability inventory: The skill instructs the agent to create file structures (using tools like TodoWrite), read from local reference files, and persistently write extracted insights to 'memory.md'.
  - Sanitization: Absent; no evidence of escaping, validation, or filtering of the external content is provided in the instructions.
Audit Metadata