competitor-teardown

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection attack vectors.
    • Ingestion points: The agent ingests untrusted data from competitor websites, pricing pages, and user review platforms (like G2, Capterra, and Reddit) using the tavily/extract and infsh/agent-browser apps.
    • Boundary markers: No specific delimiters or instruction isolation warnings are present in the templates to prevent the LLM from obeying instructions hidden within these external sources.
    • Capability inventory: The skill has read/write file access, network operations via Bash tools, and dynamic Python execution capabilities.
    • Sanitization: There is no evidence of filtering or sanitizing the external content before it is interpolated into the agent's response or subsequent tasks.
  • [COMMAND_EXECUTION]: Employs infsh/python-executor to run dynamically generated Python code (using matplotlib) for creating visual market positioning maps.
  • [EXTERNAL_DOWNLOADS]: Performs external research via Tavily and Exa APIs and interacts directly with unknown third-party URLs to extract pricing and review data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 10:29 PM