eos
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to install external dependencies using the command npx skills add skinnyandbald/ceos. These resources are hosted on GitHub and provided by the same author as the skill itself.
- [COMMAND_EXECUTION]: The skill utilizes Bash for filesystem operations and data processing. It also references a specific hardcoded absolute path (/Users/ben/code/dear-ben/content/episodes/) for scanning local content, which may not be applicable or accessible in all environments.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes data from external, potentially untrusted sources.
  - Ingestion points: Reads data from Gmail message bodies, Google Calendar event details, Attio CRM records, and local L10 meeting notes (02_Areas/eos/data/meetings/l10/).
  - Boundary markers: The logic does not specify the use of delimiters or instructions to the agent to ignore embedded prompts within the ingested data.
  - Capability inventory: The skill has the ability to write to the local filesystem (Write tool) and execute shell commands (Bash tool).
  - Sanitization: While no programmatic sanitization is explicitly described, the skill implements a mandatory human-in-the-loop validation step. It uses AskUserQuestion to present every metric and its source to the user for sequential confirmation before any data is committed to disk.
Audit Metadata