competitor-research
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads local data from files like project-context.md and user-provided Excel or CSV spreadsheets to perform its analysis tasks. This is a standard operation for contextual research skills.\n- [EXTERNAL_DOWNLOADS]: The workflow involves fetching content from external competitor URLs using tools such as mcp_web_fetch or WebSearch to analyze article structures and metadata.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted content from the web and external data files without explicit instructions for boundary markers or sanitization.\n
- Ingestion points: External competitor websites fetched via mcp_web_fetch and user-uploaded data files (Excel/CSV).\n
- Boundary markers: Absent from the provided instructions.\n
- Capability inventory: Reading local files and performing network-based web fetching via integrated tools.\n
- Sanitization: No specific sanitization or content validation steps are documented for the ingested data.
Audit Metadata