company-current-gtm-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and synthesizes large amounts of untrusted content from the public web.
      • Ingestion points: Phase 2 utilizes WebFetch and WebSearch to collect data from company blogs, LinkedIn posts, review sites (G2/Capterra), and social media platforms (Reddit, Twitter).
      • Boundary markers: Absent. The instructions do not provide explicit delimiters or warnings to treat external content as untrusted data.
      • Capability inventory: The skill possesses file read/write capabilities (reading context.md and writing the final report) and local command execution (running a Python script).
      • Sanitization: Absent. There is no logic provided to sanitize or filter potential malicious instructions embedded in the crawled content.
  • [COMMAND_EXECUTION]: The skill executes a local Python script scrape_linkedin_posts.py via python3 to process LinkedIn profile data.
  • [EXTERNAL_DOWNLOADS]: The skill relies on external data sources for its core functionality, querying numerous domains including SimilarWeb, G2, Capterra, Greenhouse, and various social media platforms.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 06:02 PM