competitor-teardown
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill heavily utilizes the infsh CLI to execute various sub-applications for web research, image stitching, and browser automation.
- [EXTERNAL_DOWNLOADS]: It fetches data from external APIs and services, including Tavily and Exa, and retrieves content from arbitrary competitor websites for analysis and screenshots.
- [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: Data is ingested from external search results and website content via tavily/search-assistant, exa/search, and infsh/agent-browser.
- Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are provided for handling the retrieved external content.
- Capability inventory: The skill can execute CLI commands, run Python scripts, and access the network.
- Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external sources before it is processed by the agent.
- [DYNAMIC_EXECUTION]: The skill includes a Python script template executed via infsh/python-executor that uses matplotlib to generate positioning maps at runtime.
Audit Metadata