competitor-content-tracker

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE · COMMAND_EXECUTION · PROMPT_INJECTION · REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands using python3 to run scripts from referenced skills (e.g., blog-scraper, twitter-scraper) with configuration parameters such as URLs and handles interpolated directly into the command line.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it scrapes and synthesizes content from untrusted external sources like blogs and social media profiles. Malicious instructions hidden in these posts could potentially influence the agent's behavior during the 'Analyze & Synthesize' phase.
      • Ingestion points: Competitor blog URLs, LinkedIn profile text, and Twitter/X posts (Phase 1-3).
      • Boundary markers: None identified. The instructions do not specify the use of delimiters or 'ignore' instructions for the scraped data.
      • Capability inventory: The skill has the capability to write files (clients/<client-name>/intelligence/) and execute subprocesses via Python.
      • Sanitization: No sanitization or filtering logic is described for the incoming web content.
  • [REMOTE_CODE_EXECUTION]: The skill uses npx goose-skills in its installation metadata, which involves downloading and executing code from an external package registry.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 06:03 PM