ceos-quarterly-planning
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the system command `git pull` to synchronize local data with a remote repository. While intended for data synchronization, it represents a shell command execution surface.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes content from multiple external files that could contain malicious instructions.
  - Ingestion points: The skill reads data from `data/rocks/`, `data/scorecard/weeks/`, `data/issues/open/`, `data/vision.md`, and `data/accountability.md`.
  - Boundary markers: There are no specific delimiters or instructions to ignore potential commands embedded in the processed data.
  - Capability inventory: The skill has the ability to read and write files, use glob patterns, and execute shell commands via `git`.
  - Sanitization: There is no evidence of sanitization or validation of the content read from the files before it is processed by the agent.