review-intelligence-digest

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from external reviews.
      • Ingestion points: Review content scraped from G2, Capterra, and Trustpilot URLs as described in SKILL.md.
      • Boundary markers: Absent; the instructions do not use delimiters or specify that embedded instructions in reviews should be ignored.
      • Capability inventory: The skill can execute local scripts and write output files to the local directory.
      • Sanitization: No mention of sanitization or validation of the scraped text before analysis.
  • [COMMAND_EXECUTION]: The skill runs local Python scripts to perform scraping and orchestration tasks.
      • Evidence: Execution of python3 skills/review-scraper/scripts/scrape_reviews.py and python3 run_skill.py.
  • [EXTERNAL_DOWNLOADS]: Fetches data from external review platforms via the Apify API.
      • Evidence: Targeted platform URLs include G2, Capterra, and Trustpilot.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 05:18 PM