ceo-briefing
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses sensitive local directories including '01_Projects/consulting/', '02_Areas/notes/', and '02_Areas/consulting/' to gather existing context. It also retrieves records and relationship history from the Attio CRM.
- [COMMAND_EXECUTION]: To gather intelligence, the skill uses 'grep' to search the local file system and 'Bash' commands (potentially 'curl') to interact with the Attio REST API if MCP tools are unavailable.
- [EXTERNAL_DOWNLOADS]: The skill fetches data from the web using 'WebSearch' and 'WebFetch', targeting primary sources such as SEC filings, earnings reports, and reputable trade publications.
- [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its broad data ingestion and powerful capabilities.
  - Ingestion points: Reads external web content via WebFetch/WebSearch and processes user-supplied files and local vault notes.
  - Boundary markers: None present. The skill does not explicitly instruct the agent to ignore or delimit potentially malicious instructions embedded in fetched web data.
  - Capability inventory: Includes file reading (grep), file writing (saving briefings), and network access/command execution (Bash/API calls).
  - Sanitization: No evidence of sanitization or validation of content retrieved from external URLs before processing.