competitor-ad-teardown
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions provide a shell command template (python3) that uses a variable (<competitor_domain>) derived directly from user input. This pattern is susceptible to shell command injection if the agent does not sanitize the input before execution.
- [EXTERNAL_DOWNLOADS]: The skill requires an external API token (APIFY_API_TOKEN) and uses an installation command (npx goose-skills install) that downloads and installs packages from a registry.
- [PROMPT_INJECTION]: The skill fetches and analyzes content from external competitor landing pages, which could contain malicious instructions designed to influence the agent's behavior. Ingestion points: Competitor landing page URLs identified during the ad scraping phase. Boundary markers: None present in the instructions to isolate the untrusted external content. Capability inventory: The skill possesses the ability to execute shell commands and write report files to the local filesystem. Sanitization: No explicit sanitization, filtering, or validation of the fetched webpage content is defined before the analysis phase.
Audit Metadata