Skills
skills/skinnyandbald/ceos/ceos-kickoff/Gen Agent Trust Hub

ceos-kickoff

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a system command to synchronize the local repository with remote changes.
  • Evidence: Uses the command git -C <ceos_root> pull --ff-only --quiet to update local data files from a remote source.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external markdown files which may contain instructions that influence agent behavior.
  • Ingestion points: Reads content from files in directories such as templates/ and data/ (including vision, accountability, rocks, and scorecard data).
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands within the data files were identified.
  • Capability inventory: The skill has permissions to write files to the system and execute git commands.
  • Sanitization: There is no evidence of content sanitization or validation performed on the read files prior to processing by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 09:34 PM