ce-compound-refresh

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled Python script, scripts/validate-frontmatter.py, which performs regex-based checks on YAML frontmatter using only the Python standard library. It also executes standard Git commands such as git branch, git log, git commit, and git push to manage the documentation lifecycle.
  • [PROMPT_INJECTION]: The autofix mode contains instructions to 'Skip all user questions' and 'Never pause for input,' granting the agent significant autonomy. This allows the skill to perform file modifications and deletions without human-in-the-loop oversight when this mode is active.
  • [DATA_EXFILTRATION]: The skill uses Git to push committed changes to remote branches. While this is the intended mechanism for documentation maintenance, it constitutes a pathway for data to be sent to external repositories.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests and processes existing documentation from docs/solutions/ (Category 8).
      • Ingestion points: Files within the docs/solutions/ directory and user-provided $ARGUMENTS in SKILL.md.
      • Boundary markers: The skill employs subagents for context isolation when handling multiple independent documentation artifacts.
      • Capability inventory: Includes file system modifications (Update, Consolidate, Replace, Delete), Git version control operations, and execution of a local Python script.
      • Sanitization: Uses a dedicated validate-frontmatter.py script to ensure structured YAML data integrity.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 10:29 PM