competitor-teardown
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external websites and search engines (via Tavily and agent-browser) to generate reports. This creates an indirect prompt injection surface where adversarial content on a competitor's site could attempt to influence the agent's subsequent actions.
- Ingestion points: External websites accessed via
infsh/agent-browserand search results fromtavily/search-assistant. - Boundary markers: The skill does not define explicit delimiters or warnings for the agent to ignore instructions embedded in the analyzed content.
- Capability inventory: The agent can execute various shell commands and run sub-applications via the
infshtool. - Sanitization: No sanitization logic is present to filter malicious instructions from retrieved data.
- [COMMAND_EXECUTION]: The skill relies on the
infshCLI to execute tasks, including web browsing, searching, and code execution. This behavior is documented and aligns with the skill's purpose but involves running external processes based on user queries. - [REMOTE_CODE_EXECUTION]: The skill includes a template for generating positioning maps using an
infsh/python-executor. Although the provided code is a static visualization script usingmatplotlib, it utilizes runtime code execution capabilities. - [EXTERNAL_DOWNLOADS]: The documentation points to a remote GitHub repository (
raw.githubusercontent.com/inference-sh/skills) for CLI installation instructions and mentions adding remote skills vianpx.
Audit Metadata