competitive-cartographer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The file scripts/validate_map.sh is a utility script for validating the structure of competitive maps generated by the agent.
  - It uses the jq utility to perform schema validation on local JSON files.
  - The script employs defensive coding practices, such as set -e and proper variable quoting to prevent word-splitting and shell injection.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill utilizes WebSearch and WebFetch to analyze external competitor websites, which is an inherent surface for indirect injection.
  - Ingestion points: Competitor taglines, messaging, and content are fetched from external URLs via WebFetch (referenced in references/mapping-process.md).
  - Boundary markers: None explicitly defined in the prompts to distinguish between competitor data and agent instructions.
  - Capability inventory: The skill has Read, Write, WebSearch, WebFetch tools and local script execution capabilities.
  - Sanitization: No specific sanitization steps are documented for processing untrusted web content before it is integrated into the mapping process.
- [SAFE] (SAFE): All other files, including the methodology and troubleshooting guides, contain purely instructional content with no executable code or malicious directives.
Audit Metadata