ios-app-store-competitor-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from external Apple App Store listings (titles, descriptions, release notes). This content could contain malicious instructions designed to influence the agent's behavior when it subsequently processes the generated reports. * Evidence Chain: 1. Ingestion points: apps.apple.com metadata via scraper script. 2. Boundary markers: None specified in the workflow or output format. 3. Capability inventory: Command execution (python3) and filesystem writes. 4. Sanitization: No sanitization or escaping of external content is mentioned.
- [Command Execution] (LOW): The skill's primary workflow involves executing a local Python script (
scripts/scrape_app_store.py) with user-provided arguments. While this is the intended functionality, the script itself was not provided in the analysis payload, making its internal security posture unverifiable.
Audit Metadata