ceos-vto
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is instructed to automatically execute a Git synchronization command upon identifying the repository root.
  - Evidence: The 'Context' section directs the agent to run `git -C <ceos_root> pull --ff-only --quiet 2>/dev/null` to fetch updates from teammates.
- [DATA_EXFILTRATION]: The skill reads and processes sensitive organizational data, including strategic plans and accountability charts.
  - Evidence: The skill accesses `data/vision.md`, `data/accountability.md`, and goal-tracking files within the `data/rocks/` directory.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection via the markdown documents it is designed to ingest.
  - Ingestion points: Data is read from `data/vision.md` and various files in `data/rocks/`.
  - Boundary markers: The skill does not use specific delimiters or instructions to prevent the model from executing commands that might be embedded in the business documents.
  - Capability inventory: The skill has permissions to write to the filesystem (`data/vision.md`) and execute shell commands (`git`).
  - Sanitization: Content from the files is interpolated into the prompt without validation or escaping of potentially malicious instructions.
Audit Metadata