competitor-intelligence
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external social media accounts without appropriate safeguards.
- Ingestion points: Data enters the agent context through tools such as
x_get_profile(bios),x_get_tweets(tweet content), andx_get_followers(follower bios) as described in the workflow section ofSKILL.md. - Boundary markers: The skill does not define any delimiters or instructions to the agent to disregard commands embedded within the retrieved social media content.
- Capability inventory: The skill utilizes multiple MCP tools and browser scripts (located in the
src/directory) to process and compare account data. - Sanitization: There is no evidence of content validation, escaping, or filtering to prevent malicious instructions in bios or tweets from influencing agent behavior.
Audit Metadata