playstore-competitor-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes a local script `scripts/scrape_play_store.py` to automate data extraction, which aligns with its documented features.
- [EXTERNAL_DOWNLOADS] (LOW): The skill installs the `google-play-scraper` Python package and downloads assets from Google Play Store domains that are not included in the trusted whitelist.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection from untrusted metadata in Play Store listings.
  1. Ingestion points: App titles, descriptions, and reviews are processed via `scripts/scrape_play_store.py`.
  2. Boundary markers: No markers or explicit instructions are provided to the agent to ignore embedded commands in the scraped data.
  3. Capability inventory: The skill can execute Python code and write files (reports and images) to the local system.
  4. Sanitization: There is no evidence of sanitization or validation of the text extracted from the external app listings.
Audit Metadata