competitive-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill consists entirely of markdown documentation providing a strategic framework. There are no scripts, command-line executions, or automated data processing functions included.
- [DATA EXPOSURE & EXFILTRATION] (SAFE): Although the guide mentions external websites for research (e.g., Crunchbase, LinkedIn, G2), it does not include any code to access these sites or handle sensitive user data.
- [INDIRECT PROMPT INJECTION] (LOW): The skill directs the agent to analyze external data such as customer reviews and competitor websites. This is a potential surface for indirect prompt injection (where an attacker could hide instructions in a web page or review). However, because this skill lacks technical capabilities like automated web scraping or file writing, the risk is negligible.
- Ingestion points: Potential ingestion of untrusted external content (competitor reviews/websites) if an agent uses this guide to browse the web.
- Boundary markers: Absent (purely instructional markdown).
- Capability inventory: None. No file-write, network-send, or subprocess calls are present in the provided file.
- Sanitization: N/A (no code present to sanitize input).
Audit Metadata