ce-compound
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses several shell commands to gather environmental context and manage the local documentation store.
  - Evidence: Uses dynamic context injection in `SKILL.md` (!`git rev-parse --abbrev-ref HEAD 2>/dev/null || true`) to resolve the current Git branch name at skill load time.
  - Evidence: Invokes the GitHub CLI (`gh issue list`) within the research phase to find related external context and issues.
  - Evidence: Uses standard shell utilities like `mkdir -p` to create documentation directories.
  - Evidence: Executes a local Python script (`scripts/validate-frontmatter.py`) to validate the integrity and parser-safety of generated YAML frontmatter.
- [PROMPT_INJECTION]: The skill features an indirect prompt injection surface as it aggregates data from multiple sources to generate documentation.
  - Ingestion points: Command output (Git branch), conversation history, platform-specific memory files (`MEMORY.md`), and existing files in `docs/solutions/`.
  - Boundary markers: Instructs the agent to use labeled excerpt blocks and specific section headers to isolate external context from instructions.
  - Capability inventory: The skill can write files to `docs/solutions/`, update instruction files (`AGENTS.md`, `CLAUDE.md`) following user confirmation, and execute local shell/CLI commands.
  - Sanitization: Includes a dedicated Python validation script and specific YAML quoting rules to prevent data corruption and ensure correct parsing of untrusted content.
Audit Metadata