ceos-process
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `git -C <ceos_root> pull --ff-only --quiet` to synchronize local process data with a remote repository. This action is a functional requirement for collaborative data management within the EOS framework.
- [EXTERNAL_DOWNLOADS]: Performs a network operation via `git pull` to fetch updates from the repository's configured origin. This is a standard procedure for maintaining data consistency in a shared environment.
- [PROMPT_INJECTION]: The skill reads and processes user-controlled markdown files from the `data/processes/` directory, which creates a surface for potential indirect prompt injection.
  - Ingestion points: The skill reads all markdown files within the `data/processes/` directory during audit and simplification workflows to parse frontmatter and content.
  - Boundary markers: No explicit markers or warnings are used to distinguish processed content from system instructions.
  - Capability inventory: The agent has `Write` permissions to local files, `Glob` traversal for file discovery, and the ability to execute `git` commands.
  - Sanitization: No explicit sanitization or filtering of the ingested markdown content is performed before the agent processes or displays the data.
Audit Metadata