competitive-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill directs the agent to gather intelligence from untrusted third-party sources (websites, blogs, social media, and reviews), which creates a vulnerability surface for indirect prompt injection. Malicious instructions hidden in these sources could theoretically influence the agent's analysis.
- Ingestion points: External websites, news, social media, and customer reviews identified in the 'Research Process' of SKILL.md.
- Boundary markers: Absent; the instructions do not provide delimiters or guidance for the agent to isolate untrusted data from its core logic.
- Capability inventory: Low risk; the skill is limited to text synthesis and Mermaid chart generation, lacking access to shell commands or sensitive local files.
- Sanitization: Absent; no validation or filtering of external data is specified.
Audit Metadata