competitor-teardown

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the infsh CLI to execute various research and analysis tasks, which is permitted and scoped by the allowed-tools manifest configuration.
  • [EXTERNAL_DOWNLOADS]: Provides links to external documentation and installation scripts on GitHub for the inference-sh toolset.
  • [REMOTE_CODE_EXECUTION]: Uses the infsh/python-executor to run Matplotlib code for generating positioning maps, which involves dynamic code execution.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it fetches and processes untrusted data from external websites, search engines, and review platforms.
      • Ingestion points: infsh/agent-browser, tavily/search-assistant, exa/search, and tavily/extract in SKILL.md.
      • Boundary markers: Absent.
      • Capability inventory: includes shell command execution via infsh, browser automation, and Python code execution.
      • Sanitization: No sanitization of the retrieved external content was identified.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 08:02 AM