ceos-quarterly
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automatically executes a shell command to synchronize repository data.
- Evidence:
git -C <ceos_root> pull --ff-only --quiet 2>/dev/nullis invoked to ensure local data is up to date with teammates. - [EXTERNAL_DOWNLOADS]: The skill performs network operations to pull updates from a remote git repository.
- Evidence: The
git pulloperation fetches data from a remote source, though it is intended for synchronization within the CEOS framework. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from markdown files to drive its conversation logic.
- Ingestion points: The skill reads
data/vision.md,data/accountability.md,data/rocks/, anddata/people/to extract core values, seats, and performance ratings. - Boundary markers: Absent. The skill does not use specific delimiters or instructions to ignore potential commands embedded in the source files.
- Capability inventory: The skill has the ability to
Writeto the file system (creating conversation logs) and executegitcommands via a subprocess. - Sanitization: Absent. There is no evidence of validation or filtering for the content extracted from the markdown files before it is used in the agent's prompts.
Audit Metadata