saccoai-competitive-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches content from external websites provided by the user or discovered via automated search queries to gather benchmarking data.
  • [COMMAND_EXECUTION]: Orchestrates the execution of sub-skills and internal tools, specifically saccoai-website-analysis, agent-browser, and saccoai-proposal, to perform parallel crawling and report generation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external websites which is subsequently processed by the agent to create narrative reports.
      • Ingestion points: HTML content, meta tags, and technical signals from external domains (SKILL.md, Phase 1).
      • Boundary markers: Absent; the instructions do not specify delimiters or directions to ignore instructions embedded within the crawled content.
      • Capability inventory: Performs file writes to the local .saccoai/ directory and triggers the saccoai-proposal skill to integrate findings into client documents.
      • Sanitization: Absent; the workflow normalizes and benchmarks data without explicit sanitization or filtering of text retrieved from the target websites.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 09:17 AM