competitor-monitor
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of a local Python script
competitor-tracker.py(Step 3). The source code for this script is not provided within the skill package, making its behavior and safety unverified. - [COMMAND_EXECUTION]: The skill accesses the file system to read brand profiles, guidelines, and SOPs from the user's home directory (
~/.claude-marketing/). While these paths are skill-specific, accessing data in the home directory should be monitored. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from competitor websites.
- Ingestion points: Website meta tags, page titles, H1 headings, and core messaging blocks captured from external competitor URLs (Step 2).
- Boundary markers: Absent. There are no instructions to the agent to distinguish between its own logic and instructions that might be embedded in the crawled content.
- Capability inventory: The agent has the ability to execute the
competitor-tracker.pyscript and read local configuration files. - Sanitization: Absent. No validation or sanitization is performed on the data retrieved from external sources before it is processed or saved.
Audit Metadata