competitor-data-verifier
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is designed to gather public information from competitor domains and documentation subdomains, which aligns with its intended purpose.
- [SAFE]: A strict no-auto-modify policy is enforced, ensuring that all data updates are presented as recommendations in a report for human validation.
- [SAFE]: Analysis of the reference files shows the use of zero-width space characters (U+200B) in markdown templates as a benign escaping mechanism for documentation.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection through the ingestion of external web content. Ingestion points: WebFetch and WebSearch results from competitor websites; Boundary markers: absent; Capability inventory: Read and Glob operations (no write or shell execution capabilities); Sanitization: none. This surface is assessed as safe because the agent's actions are restricted to comparative analysis and report generation with human oversight.
Audit Metadata