ceo
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through the ingestion of external context files and sub-agent outputs.
- Ingestion points: Reads
company-profile.mdon load andHUMAN_AGENDA.mdon every load; also processes results from sub-agents (e.g.,cfo,cmo). - Boundary markers: Absent. There are no specific delimiters or instructions to treat the content of these files or sub-agent outputs as untrusted data.
- Capability inventory: The skill primarily uses the
Tasktool to dispatch specialized sub-agents. - Sanitization: Absent. The skill synthesizes information from these sources without explicit sanitization or validation logic.
Audit Metadata