skills/jordanhubbard/loom/ceo/Gen Agent Trust Hub

ceo

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes external and potentially untrusted data sources without security delimiters.
      • Ingestion points: The agent reads 'decision context' from beads, 'status reports' from subordinates, and 'customer feedback themes' (SKILL.md).
      • Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore instructions embedded within the processed content.
      • Capability inventory: The agent is granted 'access to every skill in the organization,' including permissions to perform 'config fixes' and 'write the doc' (SKILL.md).
      • Sanitization: No validation or sanitization routines are specified for handling untrusted data.
  • [COMMAND_EXECUTION]: The skill authorizes the agent to perform 'trivial config fixes' and 'write the doc,' which implies the capability to modify the filesystem or interact with system configuration tools through its available skill set (SKILL.md).
  • [NO_CODE]: The skill consists entirely of markdown instruction files and does not contain any executable scripts or source code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 02:11 PM