competitive-intel-brief
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality of processing untrusted external data.
  - Ingestion points: The skill uses `web_fetch` to download content from GitHub release feeds (Step 2) and competitor websites or blogs (Step 3).
  - Boundary markers: There are no explicit instructions to the agent to treat external content as untrusted or to use delimiters to prevent embedded instructions from influencing the summarization logic.
  - Capability inventory: The skill has the capability to write summaries of this untrusted data into an internal database using the `manage_intel_records` tool (Step 7.5) and to display them to the user in a structured brief.
  - Sanitization: The skill lacks sanitization or validation logic for the fetched content before it is processed by the LLM for classification and summarization. This could allow an external attacker (e.g., a competitor) to influence internal PMM records by placing malicious instructions in their public release notes or blog posts.