geo-competitor-scanner
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves public metadata and technical files (e.g., /llms.txt, /robots.txt) from domains provided by the user. These requests use the standard requests library with a 10-second timeout and are essential for the skill's analytical function.
- [COMMAND_EXECUTION]: The skill uses local Python scripts to perform data processing. These scripts are implemented using standard libraries and do not execute external commands or arbitrary user strings.
- [REMOTE_CODE_EXECUTION]: No remote code execution vectors were identified. The skill parses HTML and JSON content using robust libraries (BeautifulSoup and the native json module) that do not evaluate the content as code.
- [DATA_EXPOSURE]: There is no access to sensitive system files or credentials. The skill only processes publicly accessible information found on the targeted websites.
- [PROMPT_INJECTION]: The risk of indirect prompt injection is mitigated by the skill's design.
  - Ingestion points: scripts/scan_competitors.py fetches external website content via requests.get().
  - Boundary markers: Scan results are structured into a markdown comparison report.
  - Capability inventory: Network access (requests), HTML parsing (BeautifulSoup), and JSON parsing.
  - Sanitization: The skill extracts specific technical metrics (counts of headers, FAQ mentions, schema types) rather than raw text ingestion, preventing accidental interpretation of external content as instructions.
Audit Metadata