Skills
skills/buyoung/skills/biz-opportunity-scout/Gen Agent Trust Hub

biz-opportunity-scout

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The report_template.md specifies the inclusion of a remote JavaScript file from https://cdn.jsdelivr.net/npm/@tailwindcss/browser@4. While JSDelivr is a reputable CDN, this introduces a remote dependency in every generated report, which could pose a risk if the CDN or the package is compromised.
  • Indirect Prompt Injection (LOW): The skill's primary function involves performing web searches for market data, pricing, and reviews. This creates an ingestion surface where malicious content from the web could potentially influence the agent's analysis or the content of the final report. Evidence:
  • Ingestion points: Web Search (SKILL.md, references/*.md)
  • Boundary markers: None specified in instructions
  • Capability inventory: File write (report generation), Web Search
  • Sanitization: No explicit sanitization logic provided in the instructions.
  • Dynamic Execution (LOW): The skill generates HTML files by interpolating web-scraped data into a template. Without explicit sanitization instructions, there is a risk that malicious data from a website could result in XSS when the generated report is opened by a user.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:23 PM