competitor-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE NO_CODE PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists solely of Markdown files that provide analysis frameworks, reporting templates, and strategic instructions. There are no Python scripts, Node.js packages, or executable binaries present in the file set.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality involves ingesting and analyzing untrusted data from external competitor websites (e.g., Step 7 of the analysis workflow).
  - Ingestion points: External content from competitor URLs processed during keyword and content audits as described in SKILL.md.
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' prompts when processing external content.
  - Capability inventory: The agent uses the ingested data to generate strategic recommendations, battlecards, and action plans.
  - Sanitization: There are no instructions provided for sanitizing or filtering external content before it is processed by the LLM.