competitor-analyzer
Fail
Audited by Snyk on Feb 27, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 0.80). The prompt explicitly instructs the agent to read ALL .md files in research-memory (beyond the advertised competitive-intel.md and brand-memory), which could expose unrelated private data and goes beyond the skill's stated purpose of scraping competitor websites.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly uses Firecrawl to fetch and scrape public competitor websites (homepage and pricing pages) as part of its required Steps 2–3 and Firecrawl Tool Guide, ingesting untrusted third-party page content which directly informs analysis and subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly reads competitor URLs from research-memory/competitive-intel.md and at runtime calls firecrawl_scrape/firecrawl_map to fetch those external sites' content (i.e., any URL listed in competitive-intel.md), which is then injected into the agent's context for analysis and can therefore directly control prompts. Flagged value: "URLs listed in competitive-intel.md".
Audit Metadata