competitor-monitor
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local Python script named
competitor-tracker.pywith thesave-baselinecommand to store collected data. This script is expected to be present in the execution environment. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it scrapes and processes untrusted data from external competitor websites to generate analysis briefs.
- Ingestion points: External website URLs provided by the user (Step 2), including meta tags, page titles, H1 headings, and core messaging blocks.
- Boundary markers: None identified. The instructions do not specify any delimiters or safety prompts to prevent the agent from obeying instructions that might be embedded in the scraped HTML (e.g., hidden text on a competitor's pricing page).
- Capability inventory: The skill has the ability to execute the
competitor-tracker.pyscript, access the local file system at~/.claude-marketing/, and send notifications to external channels like Slack or email. - Sanitization: None identified. The skill appears to directly synthesize scraped data into a structured narrative brief without explicit filtering or validation of the content.
Audit Metadata