customer-discovery
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves data from the Wayback Machine (web.archive.org) and BuiltWith (builtwith.com) to perform historical and technical research.
- [COMMAND_EXECUTION]: The skill instructs the agent to run Python scripts and create directories via the shell. This pattern relies on the agent to safely handle user-provided company names that are interpolated into these commands.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing external data from the web.
- Ingestion points: Untrusted data is ingested from arbitrary URLs during web scraping, specifically from image alt attributes, page titles, and headings in scripts like scrape_website_logos.py.
- Boundary markers: There are no explicit instructions or delimiters used to separate the scraped data from the agent's instructions.
- Capability inventory: The skill allows the agent to execute shell commands (mkdir, python3) and perform network requests.
- Sanitization: The extraction scripts perform string normalization for data quality but do not sanitize the content to prevent potential instruction injection targeting the LLM.
Audit Metadata