competitive-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill is designed to process untrusted external data such as competitor pricing pages, customer reviews, and web links. While this creates a surface for indirect prompt injection, the skill lacks any capabilities (such as code execution or file-writing) that could be maliciously leveraged.
- Ingestion points: Evidence gathering steps in SKILL.md and references/WORKFLOW.md.
- Boundary markers: No specific delimiters or "ignore instructions" tags are used for user-provided evidence.
- Capability inventory: No scripts, subprocess calls, or network operations are included in the package.
- Sanitization: No explicit sanitization or validation of input data is defined.
- Data Exposure (SAFE): The skill requests internal business data (e.g., win/loss notes, call transcripts) for analysis. This is consistent with the skill's primary purpose and there are no mechanisms present to exfiltrate this data or access unauthorized file paths.
Audit Metadata