ceos-l10
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automatically executes a shell command to synchronize repository data using 'git -C <ceos_root> pull --ff-only --quiet 2>/dev/null'. This subprocess call uses a path determined by searching for a marker file and is a core part of the skill's functionality.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to the ingestion and processing of various data files from the repository.
- Ingestion points: Meeting notes, scorecards, rocks, and issues are read from files located in 'data/meetings/l10/', 'data/scorecard/weeks/', 'data/rocks/', and 'data/issues/open/'.
- Boundary markers: There are no explicit delimiters or instructions to ignore potential commands embedded within the data read from these files.
- Capability inventory: The skill has the ability to write meeting notes to the local filesystem and execute shell commands (git).
- Sanitization: No sanitization or validation of the content read from the files is performed before it is processed by the AI.
Audit Metadata