ceos-accountability
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a
git pullcommand to synchronize local data with a remote repository. This operation is performed automatically upon locating the repository root marked by a.ceosfile. While this is a functional requirement for the skill's purpose, it executes a shell command with a dynamically determined path. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it reads and parses organizational data from external files which could contain malicious instructions.
- Ingestion points: Data is ingested from
data/accountability.md,templates/accountability.md, and thedata/people/directory. - Boundary markers: The skill does not implement specific delimiters or 'ignore' instructions when parsing seat titles, owner names, or role descriptions from the markdown files.
- Capability inventory: The agent has permissions to
Read,Write,Edit, andGlobfiles, as well as executegitcommands. It can modify the source of truth for organizational data. - Sanitization: There is no evidence of input validation or content filtering to prevent the agent from interpreting data as instructions. However, the skill explicitly mandates a human-in-the-loop 'diff' review and approval process before any write operation is performed.
Audit Metadata