Skills
skills/openclaudia/openclaudia-skills/content-gap-analysis/Gen Agent Trust Hub

content-gap-analysis

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill instructs the agent to execute curl commands in a shell environment to fetch XML sitemaps and interact with the SemRush API. While these are for legitimate analysis, shell execution carries inherent risks if parameters are not carefully controlled.
  • EXTERNAL_DOWNLOADS (LOW): The skill performs network requests to non-whitelisted domains (specifically api.semrush.com and arbitrary competitor domains) to retrieve content and data for analysis.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted content from external competitor sitemaps and local codebase files (MDX/Markdown) without specific sanitization or boundary markers.
  • Ingestion points: sitemap.xml (user and competitor), local MDX/Markdown files, and SemRush API responses.
  • Boundary markers: Absent; the instructions do not specify delimiters or warnings to ignore instructions found within analyzed content.
  • Capability inventory: curl (network access), file system read access for codebase auditing.
  • Sanitization: Absent; data is processed directly to identify topics and categories.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:10 PM