competitor-intel
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes command-line execution to run Python scripts such as setup_competitor.py, run_daily.py, run_weekly.py, and generate_report.py located in the local competitor-intel/scripts/ directory.
- [DATA_EXFILTRATION]: Intelligence reports and competitor profiles are transmitted to external recipients via email using the AgentMail service.
- [EXTERNAL_DOWNLOADS]: The skill retrieves data from external social media platforms including Reddit, Twitter/X, and LinkedIn through the Apify API and web search functionality.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted content from social media platforms. * Ingestion points: Content scraped from Reddit, Twitter, and LinkedIn (SKILL.md). * Boundary markers: The instructions lack delimiters or specific guidance to prevent the agent from following instructions embedded in the external data. * Capability inventory: The skill can execute local scripts, write to the filesystem, and send emails via AgentMail. * Sanitization: No mention of sanitization or validation of the ingested social media data before it is processed.
Audit Metadata