ceos-dashboard
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automatically executes the command 'git -C <ceos_root> pull --ff-only --quiet' to synchronize data from a remote repository. This involves both network access and command execution on a dynamic path.
- [PROMPT_INJECTION]: The skill reads and summarizes multiple user-controlled files, creating an attack surface for indirect prompt injection. * Ingestion points: Processes data from 'data/vision.md', 'data/rocks/', 'data/scorecard/', 'data/issues/open/', 'data/people/', and 'data/accountability.md'. * Boundary markers: There are no delimiters or explicit instructions to the agent to ignore embedded commands within the ingested data. * Capability inventory: The skill has the ability to read files and execute git commands. * Sanitization: No content sanitization or filtering is applied to the data being read, although it skips malformed YAML frontmatter.
Audit Metadata