ceorater
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): The skill performs network requests to api.ceorater.com to fetch CEO metrics. This domain is not included in the Trusted Source whitelist, characterizing the activity as unverified external data flow.
- [COMMAND_EXECUTION] (LOW): The helper script (scripts/ceorater.sh) executes local bash commands to facilitate API requests. It correctly implements input sanitization using a whitelist (tr -cd 'A-Za-z0-9 _.&-') and utilizes printf and sed for safe URL encoding, which effectively mitigates shell command injection risks.
- [PROMPT_INJECTION] (MEDIUM): The skill presents an indirect prompt injection surface (Category 8) by processing external API data. 1. Ingestion point: JSON responses from api.ceorater.com. 2. Boundary markers: Absent; no delimiters are used to isolate untrusted API content from the agent's instructions. 3. Capability inventory: Outbound network access and local script execution. 4. Sanitization: While input parameters are sanitized, the retrieved content is processed directly by the model without schema validation or content filtering.
Audit Metadata