competitive-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFENO_CODE
Full Analysis
- SAFE (SAFE): No malicious patterns, obfuscation, or safety bypass attempts were detected across the 10 skill files. The content is strictly limited to business analysis frameworks.
- NO_CODE (SAFE): The skill does not include any executable scripts (.py, .js, .sh), binaries, or package management files. It relies entirely on natural language instructions for the agent.
- PROMPT_INJECTION (SAFE): No direct prompt injection, jailbreak attempts, or instructions to override safety filters were found. The skill includes explicit negative constraints, such as 'You’re seeking confidential or non-public competitor information (do not attempt)', which reinforces safety boundaries.
- DATA_EXPOSURE & EXFILTRATION (SAFE): No hardcoded API keys, tokens, or sensitive file paths were identified. The skill does not define any automated network exfiltration logic.
- INDIRECT PROMPT INJECTION (SAFE): A potential attack surface exists due to data ingestion, but it is not exploitable within the skill context.
- Ingestion points: The skill ingests untrusted external data such as 'links, win/loss notes, call transcripts, customer quotes, and reviews' (references/INTAKE.md).
- Boundary markers: Absent; the skill does not define specific delimiters for external content.
- Capability inventory: None; the skill does not contain any code for file-writing, network operations, or subprocess execution.
- Sanitization: Absent; the skill assumes the host agent's standard sanitization.
Audit Metadata