competitor-teardown
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the
beltCLI tool to execute various research and analysis applications, includingtavily/search-assistantandinfsh/agent-browser. - [EXTERNAL_DOWNLOADS]: References installation instructions for the required
beltCLI from the vendor's official GitHub repository atraw.githubusercontent.com/inference-sh/skills. - [REMOTE_CODE_EXECUTION]: Employs a Python execution tool (
infsh/python-executor) to run code for generating positioning maps. The code is provided as a template within the skill instructions. - [DATA_EXFILTRATION]: Ingests and processes data from arbitrary external URLs (competitor websites) and search engine results to perform teardowns and feature comparisons.
- [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from the web.
- Ingestion points: Web content retrieved via
infsh/agent-browser,tavily/extract, and search results fromtavily/search-assistantandexa/search(referenced inSKILL.md). - Boundary markers: Absent; the skill does not explicitly instruct the agent to ignore instructions embedded in the retrieved web content.
- Capability inventory: Includes shell command execution via the
beltCLI and Python code execution viainfsh/python-executor. - Sanitization: No evidence of sanitization or validation of the ingested external content before it is processed by the agent.
Audit Metadata