ceo-weekly-review

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is to read and write to local project files (e.g., MEMORY.md, memory/*.json, memory/*.md) to track business KPIs and hypotheses. This behavior is consistent with its stated purpose as a CEO review tool.
  • [SAFE]: The skill queries PostHog, a well-known analytics service, to retrieve product usage metrics. This interaction is documented neutrally as a standard business tool integration.
  • [SAFE]: The skill processes untrusted content from daily logs and external analytics data. This creates an indirect prompt injection surface; however, the data ingestion is handled through structured analysis steps designed for business reporting rather than executable command generation.
      • Ingestion points: Local logs (memory/YYYY-MM-DD.md), hypothesis files, and PostHog API metrics.
      • Boundary markers: The skill employs a structured process (Steps 0 through 7) to separate data gathering from final reporting.
      • Capability inventory: Local file system read/write access and network access to well-known analytics services.
      • Sanitization: Not explicitly implemented, but the instructions focus on extracting specific metrics and answering predetermined strategic questions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 22, 2026, 04:54 AM