competitor-research

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill ingests untrusted data from arbitrary external websites and has file-write capabilities, creating a high-risk surface for indirect injection attacks.
      • Ingestion points: The skill uses WebFetch in Steps 2, 3, and 4 to retrieve data from LinkedIn, G2, Product Hunt, and company pricing pages.
      • Boundary markers: Absent. There are no delimiters or instructions telling the agent to treat the fetched content as data rather than instructions.
      • Capability inventory: The skill uses the Write tool to save reports to the local filesystem at ~/.claude/cache/competitor-reports/.
      • Sanitization: Absent. The fetched data is interpolated directly into a markdown report and written to disk without validation.
  • File System Access (MEDIUM): The skill writes files using names derived from potentially untrusted sources.
      • Evidence: The file naming convention {公司名}-{日期}.md (that is, {company name}-{date}.md) relies on the company name, which could be manipulated by an attacker to attempt path traversal (e.g., ../../../filename.md) if the name is extracted from a malicious website's metadata.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:24 AM