competitor-alternatives
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were detected within the skill content. The skill follows established patterns for AI agent context-sharing and content generation.- [NO_CODE]: The skill is composed entirely of Markdown and YAML files. It does not contain any Python, Node.js, or shell script execution logic, which significantly limits the potential for automated malicious behavior.- [PROMPT_INJECTION]: The skill provides instructions for the agent to ingest external data from project context files and third-party review platforms, creating a potential surface for indirect prompt injection. However, since the skill lacks automated execution capabilities, this surface is non-functional within the current scope.
- Ingestion points: The skill instructs the agent to read .claude/product-marketing-context.md and research competitors via external sites like G2 and Capterra.
- Boundary markers: No specific delimiters or safety instructions are provided to the agent for separating untrusted external data from system instructions.
- Capability inventory: The skill possesses no automated capabilities; there are no subprocess calls, network operations, or file-writing functions implemented in any associated files.
- Sanitization: No automated sanitization or filtering logic is present, as the skill relies on manual research and content generation by the agent.
Audit Metadata