competitor-teardown
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'infsh' CLI (a vendor-provided tool) to execute various sub-applications for research and visualization purposes.
- Evidence: Examples include 'infsh app run tavily/search-assistant', 'infsh app run infsh/agent-browser', and 'infsh app run infsh/python-executor' for plotting positioning maps.
- [EXTERNAL_DOWNLOADS]: The documentation suggests installing auxiliary skills from the author's official repository.
- Evidence: Instructions mention adding 'inference-sh/skills@agent-tools' and 'inference-sh/skills@web-search' via npx.
- [PROMPT_INJECTION]: As the skill ingests content from external web searches, it is theoretically susceptible to indirect prompt injection from malicious website content.
- Ingestion points: Data retrieved from 'tavily/search-assistant', 'exa/search', and 'tavily/extract' (SKILL.md).
- Boundary markers: No explicit delimiters or safety instructions are defined in the provided command templates to segregate search results.
- Capability inventory: The skill possesses 'Bash(infsh *)' permissions, allowing it to interact with the filesystem, network, and browser through the infsh environment.
- Sanitization: No specific sanitization or filtering of external data is described.
Audit Metadata