competitor-site-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing untrusted data from external websites.\n
- Ingestion points: Step 3 involves fetching data from up to six user-defined competitor pages (Homepage, Pricing, Features, etc.).\n
- Boundary markers: The instructions lack explicit markers to delineate external content or directives for the model to ignore embedded instructions.\n
- Capability inventory: The skill utilizes web-fetching capabilities and potentially Playwright MCP for dynamic content rendering.\n
- Sanitization: No sanitization or validation logic is defined to inspect the fetched content for malicious payloads.
Audit Metadata