industry-scanner
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ingestion of large volumes of untrusted data from external sources.
- Ingestion points: Data enters the agent's context from web search results, public blogs, Reddit threads, Twitter feeds, LinkedIn posts, Hacker News, and newsletters (Phase 2).
- Boundary markers: There are no defined delimiters or specific instructions within the skill logic to isolate or ignore potentially malicious instructions embedded in the external content.
- Capability inventory: The skill has access to local client configuration and context files, can write intelligence reports to the filesystem, and executes subprocesses for data collection.
- Sanitization: The skill lacks mechanisms to sanitize or filter the content collected from external sources before it is processed by the language model for strategy generation.
- [COMMAND_EXECUTION]: The skill executes multiple local Python scripts via shell commands as part of its core orchestration logic.
- Evidence: Phase 2 explicitly lists bash commands such as `python3 skills/blog-scraper/scripts/scrape_blogs.py` and `python3 skills/reddit-scraper/scripts/search_reddit.py`, which are called with arguments derived from configuration files and lookback periods.