competitive-pricing-intel
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources and has the capability to write to the file system.
- Ingestion points: The skill fetches content from competitor pricing URLs, Reddit, and various blogs using `fetch_webpage` and `web_search` tools in Phase 1.
- Boundary markers: No specific delimiters or instructions (e.g., "ignore embedded commands") are provided to the agent to distinguish between its own instructions and the content of the scraped pages.
- Capability inventory: The skill instructs the agent to write a structured markdown report to a local path (`clients/<client-name>/product-marketing/pricing-intel/...`).
- Sanitization: There is no logic for sanitizing, validating, or escaping the external content before it is incorporated into the agent's analysis or written to the disk.
- [COMMAND_EXECUTION]: The skill instructions include a shell command example for creating a cron job to automate execution.
- Evidence: The `Scheduling` section provides a `bash` block: `0 8 1 * * python3 run_skill.py competitive-pricing-intel --client <client-name>`. This involves executing a Python runner via the system scheduler.
Audit Metadata