ceos-scorecard
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automatically executes a
git pullcommand (git -C <ceos_root> pull --ff-only --quiet) to synchronize the local repository with remote changes before performing operations. This is a functional requirement for the skill's purpose but involves shell execution. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the files it processes.
- Ingestion points: The skill reads metric names, owner names, goals, and weekly values from
data/scorecard/metrics.md,data/accountability.md, and various weekly files indata/scorecard/weeks/. - Boundary markers: There are no explicit delimiters or instructions provided to the model to ignore potential commands embedded within the metric data or accountability charts.
- Capability inventory: The skill has the ability to write to the filesystem and execute git commands.
- Sanitization: No sanitization or content validation is performed on the data read from the Markdown files before it is used in the agent's context.
Audit Metadata