ceo-weekly-review
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to read and write to local project files (e.g., MEMORY.md, memory/*.json, memory/*.md) to track business KPIs and hypotheses. This behavior is consistent with its stated purpose as a CEO review tool.
- [SAFE]: The skill queries PostHog, a well-known analytics service, to retrieve product usage metrics. This interaction is documented neutrally as a standard business tool integration.
- [SAFE]: The skill processes untrusted content from daily logs and external analytics data. This creates an indirect prompt injection surface; however, the data ingestion is handled through structured analysis steps designed for business reporting rather than executable command generation.
- Ingestion points: Local logs (memory/YYYY-MM-DD.md), hypothesis files, and PostHog API metrics.
- Boundary markers: The skill employs a structured process (Steps 0 through 7) to separate data gathering from final reporting.
- Capability inventory: Local file system read/write access and network access to well-known analytics services.
- Sanitization: Not explicitly implemented, but the instructions focus on extracting specific metrics and answering predetermined strategic questions.
Audit Metadata