competitor-alerts
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill process involves executing the local script
competitor-tracker.pyto persist and manage configuration settings. This creates a dependency on an external file whose contents are not defined within the skill. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it processes untrusted data from external sources. 1. Ingestion points: Competitor website content, ad library data, and social media mentions via the monitoring pipeline. 2. Boundary markers: The process description does not specify the use of delimiters or instructions to ignore embedded commands in the ingested content. 3. Capability inventory: The skill can execute local scripts, read brand configuration files, and send notifications to external platforms. 4. Sanitization: There is no mention of sanitizing, escaping, or validating the external content before it is summarized or included in alerts.
- [DATA_EXFILTRATION]: The skill is designed to transmit competitor intelligence to external Slack channels and email addresses. Although this is the intended functionality, it establishes a routine egress path for data derived from the local environment.
Audit Metadata