completo-briefing
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill collects project metadata including domain models, user roles, and architectural patterns, then uploads this information to a remote server using the
completoCLI. While the instructions explicitly forbid including secrets or environment variables, the transmission of internal project context to an external service is a form of data collection. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It instructs the agent to read and process untrusted files from the repository (e.g.,
README.md,CONTRIBUTING.md, and git logs) to generate the briefing. Malicious content in these files could influence the agent's output or behavior. - Ingestion points: Reads
CLAUDE.md,AGENTS.md,README.md,CONTRIBUTING.md,package.json, database schemas, and git logs. - Boundary markers: None identified for untrusted data ingestion.
- Capability inventory: Executes shell commands (
git log,completo briefing) and writes files (Completo-Briefing.md). - Sanitization: No specific sanitization or validation of the ingested file content is mentioned.
- [COMMAND_EXECUTION]: The skill executes shell commands such as
git logand thecompletoCLI to explore the project and synchronize data. These commands are integral to the skill's functionality but represent an execution surface that processes project data.
Audit Metadata