competitor-monitoring
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and summarize data from untrusted external sources, including competitor pricing pages, blogs, and social media. This creates a surface for Indirect Prompt Injection.
  - Ingestion points: Competitor websites, changelogs, job boards, blogs, and social media (SKILL.md).
  - Boundary markers: None present.
  - Capability inventory: No executable scripts or tools are included in the skill.
  - Sanitization: No explicit validation or sanitization steps are defined for external content.
- [NO_CODE]: The skill consists entirely of markdown-based instructions for the agent and does not include any Python, JavaScript, or shell scripts, which significantly reduces the risk of direct technical exploitation.