ce-compound
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it ingests and processes untrusted data from conversation history and investigation steps to generate documentation.
- Ingestion points: Conversation history and historical investigation steps analyzed by parallel subagents in Phase 1 (SKILL.md).
- Boundary markers: Not explicitly defined in the instructions for subagents to distinguish between legitimate conversation and potential embedded instructions (SKILL.md).
- Capability inventory: The skill has the ability to write files and create directories within the
docs/solutions/project path (SKILL.md). - Sanitization: The skill validates YAML frontmatter against a schema but does not specify sanitization or escaping of the extracted solution text (SKILL.md).
- [COMMAND_EXECUTION]: The skill uses standard shell commands for file organization and directory management.
- Evidence: The orchestrator executes
mkdir -pto create directory structures for documenting solutions based on detected categories (SKILL.md).
Audit Metadata