Competitor Tracker
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill establishes ingestion points for untrusted data in 'Workflow 2: Competitor Monitoring Setup' (SKILL.md), which includes 'Social Listening', 'Website Monitoring', and 'Review Monitoring'. While the skill is purely documentation-based and lacks executable code, the lack of defined boundary markers or sanitization instructions for how the agent should handle these external inputs represents a vulnerability surface for indirect prompt injection. Capability inventory: None (no code or scripts present in skill). Sanitization: Not specified.
Audit Metadata