Skills
skills/skinnyandbald/ceos/ceos-annual/Gen Agent Trust Hub

ceos-annual

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from multiple user-controlled files to generate summaries and planning documents.
  • Ingestion points: The skill reads content from various directories including data/issues/open/, data/rocks/, data/scorecard/weeks/, and data/people/.
  • Boundary markers: The instructions do not specify the use of boundary markers or protective delimiters when interpolating external file content into the agent's context.
  • Capability inventory: The skill has permissions to write to the data/annual/ directory and modify the data/vision.md file.
  • Sanitization: There is no requirement in the instructions to sanitize or validate the content of the ingested files before processing them.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a git pull command to synchronize data from a remote repository. This is an expected administrative operation for a collaborative data environment.
  • [EXTERNAL_DOWNLOADS]: The git pull command involves downloading data from a remote source. This is documented neutrally as it is a standard mechanism for keeping the strategic data repository up to date with teammates' changes.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 09:34 PM