skills/yohayetsion/product-org-os/cpo/Gen Agent Trust Hub

cpo

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it ingests data from external or untrusted sources and provides powerful tools to act on that data without safety boundaries.
      • Ingestion points: Data enters the context through Read, Glob, Grep, WebSearch, and the Task tool (which receives output from sub-agents) as defined in SKILL.md.
      • Boundary markers: There are no instructions or delimiters defined to distinguish untrusted external content from system instructions.
      • Capability inventory: The skill allows the use of Bash, Write, and Edit tools in SKILL.md.
      • Sanitization: The instructions lack any requirement to sanitize, escape, or validate content before it is processed by the agent or used in subsequent tool calls.
  • [COMMAND_EXECUTION]: The skill explicitly allows the use of the Bash tool in the allowed-tools section of SKILL.md. Although the static content does not contain malicious scripts, the provision of a shell environment to an agent that processes untrusted web data or sub-agent responses constitutes a significant capability that could be exploited if the agent follows instructions embedded in its inputs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 03:52 PM