competitive-analysis

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) to retrieve public repository data such as star counts, release lists, and contributor counts. These are read-only operations against a well-known service used for competitive benchmarking.
  • [EXTERNAL_DOWNLOADS]: The skill employs WebFetch and WebSearch to gather external market intelligence. This is consistent with its primary purpose of performing competitive and industry analysis.
  • [DATA_EXFILTRATION]: No patterns of sensitive data exfiltration were found. The network activity is restricted to fetching information for analysis rather than transmitting local secrets.
  • [INDIRECT_PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it ingests untrusted data from the web and GitHub APIs.
      • Ingestion points: Data fetched via WebFetch, WebSearch, and gh api calls in SKILL.md and references/competitive-analysis-guide.md.
      • Boundary markers: None explicitly defined in the templates to separate fetched content from instructions.
      • Capability inventory: Subprocess execution via gh CLI and file system access via Read, Glob, and Grep.
      • Sanitization: No explicit sanitization or filtering of external content is documented.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 12:23 PM