Skills
skills/fivetaku/claude-office-skills/competitive-analysis/Gen Agent Trust Hub

competitive-analysis

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill ensures the python-pptx library is available by installing it from the official Python Package Index (PyPI). PyPI is a well-known and standard service for Python dependencies.
  • [COMMAND_EXECUTION]: Shell commands are used to verify the environment and install necessary libraries (python3 -c "import pptx" and python3 -m pip install). These operations are restricted to environment preparation.
  • [PROMPT_INJECTION]: The skill processes external, user-provided data files (Excel/CSV), creating a surface for potential indirect prompt injection.
  • Ingestion points: Untrusted data enters the agent context via user-uploaded Excel or CSV files (SKILL.md, Phase 1).
  • Boundary markers: Absent. No explicit delimiters or instructions to ignore embedded commands are specified for the data ingestion process.
  • Capability inventory: The skill uses python-pptx for generating slide content. No network operations or arbitrary shell execution capabilities are utilized during data processing.
  • Sanitization: The skill lacks automated sanitization for the ingested data, relying instead on manual user confirmation of data mappings.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 08:10 AM