Skills
skills/yangliu2060/smith--skills/competitor-price-monitor/Gen Agent Trust Hub

competitor-price-monitor

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill fetches arbitrary external web content via WebFetch and processes it with a prompt template to summarize pricing.
  • Ingestion points: WebFetch fetches data from user-supplied or external URLs (Step 2).
  • Boundary markers: None. The prompt template in Step 2 directly interpolates the raw page content.
  • Capability inventory: The agent has access to Bash (Step 4) and Read/Write permissions for the filesystem (Step 4).
  • Sanitization: No sanitization or filtering of the scraped HTML content is performed before analysis.
  • [Command Execution] (HIGH): The skill utilizes Bash for tasks like directory creation and timestamping. If any part of the scraped web content or user-defined 'competitor names' are interpolated into bash strings (e.g., mkdir [name]), it would allow for arbitrary command injection.
  • [Data Exposure] (MEDIUM): The skill stores and reads data from ~/.claude/cache/. This is a sensitive directory associated with the agent's internal state. Writing to this location could be exploited to overwrite configuration files or persist malicious data if the input is manipulated via indirect injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:43 PM