ce-ideate

Warn

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on bash shell commands to manage its execution flow and state. It performs directory operations with mkdir -p, searches for session-scoped cache files using find, and retrieves repository metadata via git remote get-url and git rev-parse.
  • [DATA_EXFILTRATION]: The skill stores project-related information, including research results and generated ideas, in the /tmp/compound-engineering/ce-ideate/ directory. The instructions explicitly bypass the isolated $TMPDIR variable in favor of a globally accessible path, which potentially exposes sensitive project strategy or intellectual property to other users on the same system.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ingestion of untrusted external data. It pulls information from GitHub issues, Slack messages, and web research to ground its ideation process. Without explicit sanitization or strict boundary delimiters for this external content, an attacker could poison these sources to manipulate the agent's reasoning or subsequent actions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 7, 2026, 08:19 PM