competitive-intelligence
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines workflows that involve the ingestion of data from external, untrusted sources such as competitor websites, social media, and user reviews (G2, Capterra, Reddit) using web retrieval tools. This creates an attack surface for indirect prompt injection, where an attacker might embed instructions in a website's content or metadata to manipulate the agent's findings or behavior.
- Ingestion points: Defined in 'Intelligence Gathering Methods' (Public Sources, Customer Feedback, Market Intelligence).
- Boundary markers: Absent; templates for competitor profiles and battle cards do not specify the use of delimiters or 'ignore embedded instructions' warnings for external data.
- Capability inventory: The skill utilizes WebSearch and WebFetch tools for data collection.
- Sanitization: No sanitization, validation, or content filtering is specified for the data retrieved from the web.
Audit Metadata