ecommerce-competitor-analyzer
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses official and reputable API endpoints from Google and Olostep to perform its core tasks of data analysis and web scraping.
- [SAFE]: Secret management is handled via environment variables and local configuration files, following standard security practices to prevent credential exposure.
- [SAFE]: The implementation of Google Sheets access follows the standard OAuth2 protocol, including secure token handling and clear instructions for users to set up their own credentials.
- [PROMPT_INJECTION]: The skill processes untrusted product data from Amazon without explicit boundary markers. Evidence chain:
  1. Ingestion point: 'scripts/scrape-amazon.js' (product data).
  2. Boundary markers: Absent in 'prompts/analysis-prompt-base.md'.
  3. Capability inventory: File writes (Markdown reports) and network calls (Google Sheets API).
  4. Sanitization: Absent.

  This finding represents an indirect prompt injection surface, which is inherent to the skill's primary purpose of analyzing external web content.