competitive-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses a browser-use subagent to visit competitor websites and G2 galleries for research purposes. These are well-known services and are essential for the skill's methodology.
- [COMMAND_EXECUTION]: The skill utilizes a subagent to perform automated browser navigation and screenshot capture.
- [PROMPT_INJECTION]: There is an inherent surface for indirect prompt injection because the skill ingests data from untrusted external websites. Evidence chain: 1) Ingestion points: external competitor URLs; 2) Boundary markers: absent; 3) Capability inventory: local file-writing (screenshots) and reading of internal workspace documentation; 4) Sanitization: not specified. This is a common characteristic of browser-based research skills.
- [DATA_EXFILTRATION]: The skill reads internal product context documents to inform its analysis. No evidence was found of this sensitive information being transmitted to unauthorized external domains.
Audit Metadata