competitor-monitor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- Prompt Injection (LOW): Potential for Indirect Prompt Injection. The skill processes content from untrusted competitor websites, which could contain malicious instructions designed to manipulate the agent's behavior.
  - Ingestion points: fetch_page method in scripts/main.py fetches data from arbitrary URLs.
  - Boundary markers: Absent; fetched text is directly echoed or saved.
  - Capability inventory: Local file writing (Path.write_text) and network access (requests.get).
  - Sanitization: Content is stripped via BeautifulSoup.get_text(), but raw HTML is preserved in snapshots.
- Data Exposure & Exfiltration (LOW): Risk of Server-Side Request Forgery (SSRF) and arbitrary file writes.
  - Evidence: requests.get(url) lacks validation, allowing the agent to be coerced into making requests to internal network services.
  - Evidence: User-controlled paths in the --save and --output arguments allow writing web content to arbitrary locations on the file system.