competitor-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data from external websites.
- Ingestion points: Untrusted content is fetched from competitor URLs (homepage and pricing pages) using the firecrawl_scrape tool. Fields such as hero_headline, sub_headline, and value_proposition are extracted and presented to the agent for analysis.
- Boundary markers: There are no explicit boundary markers or instructions to ignore potential commands embedded in the scraped text during the analysis phase (Step 4).
- Capability inventory: The skill can read and write local markdown files in the research-memory and brand-memory directories.
- Sanitization: No sanitization or validation of the scraped website content is performed before it is processed by the AI.
- [DATA_EXFILTRATION]: The skill performs network operations to fetch data from non-whitelisted domains (Category 2). It uses the Firecrawl service to access arbitrary competitor websites provided by the user or found in research files. While this is the intended functionality, it involves outbound network requests to external third-party servers.
Audit Metadata