industry-scanner
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automates workflows by invoking several local Python scripts via shell commands (e.g., python3 skills/blog-scraper/scripts/scrape_blogs.py). This orchestration pattern assumes that all referenced sub-skills are installed and safe within the execution environment.
- [PROMPT_INJECTION]: The skill presents a significant surface for indirect prompt injection due to its core functionality of aggregating and analyzing content from numerous untrusted external sources.
- Ingestion points: Data is ingested from the public internet through multiple scraping scripts and the built-in WebSearch tool across social media, blogs, and news feeds.
- Boundary markers: The instructions do not define boundary markers or explicit directives to the agent to ignore instructions embedded within the scraped data during the consolidation phase.
- Capability inventory: The agent is authorized to write intelligence reports to the local filesystem and is encouraged to suggest tactics that invoke other high-privilege skills, such as outreach and contact finding tools.
- Sanitization: There is no mechanism described for sanitizing, escaping, or validating the external content before it is processed by the agent to generate strategic advice.
Audit Metadata