ceos-ids
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill performs synchronization of the issue repository by executing the
git pullcommand within the identified project root. This is a standard operation for maintaining data consistency across a team. - [EXTERNAL_DOWNLOADS]: The skill facilitates data synchronization from remote sources via Git during the initialization phase. This is used to ensure the local issue database is up to date before processing.
- [PROMPT_INJECTION]: The skill demonstrates an attack surface for indirect prompt injection. Ingestion points: The agent reads and interprets the contents of markdown files stored in
data/issues/open/. Boundary markers: The instructions do not define strict delimiters or provide 'ignore instructions' warnings when the agent processes these external files. Capability inventory: The skill usesRead,Write, andGlobtools for file management, and can executegit pullcommands. Sanitization: The skill relies on showing the user a diff of changes before writing, but it does not perform automated sanitization of the content read from files.
Audit Metadata