competitor-teardown
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's setup instructions (SKILL.md) direct users to execute a remote shell script via curl -fsSL https://cli.inference.sh | sh. This pattern is highly risky as it executes unverified code from the internet with the user's local system privileges.
- [COMMAND_EXECUTION]: The skill uses the infsh/python-executor tool to run embedded Python code (SKILL.md) at runtime. This allows the agent to execute arbitrary Python logic, which in this case is used for generating positioning maps using matplotlib.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the web during the competitive analysis process.
  - Ingestion points: Untrusted content is fetched via the tavily/search-assistant, exa/search, and infsh/agent-browser tools (SKILL.md).
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat fetched web content as untrusted data rather than instructions.
  - Capability inventory: The environment allows powerful actions including shell access via Bash and arbitrary script execution via python-executor.
  - Sanitization: No input validation or sanitization is performed on retrieved competitor data before it is processed into final analysis deliverables.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata