competitor-analysis
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from external websites via the Firecrawl connector, creating a surface for indirect prompt injection where adversarial instructions on a competitor's page could influence the agent's analysis.
- Ingestion points: Scrapes external competitor URLs and domains using the
firecrawl.pyconnector as documented inSKILL.md. - Boundary markers: The instructions do not specify the use of delimiters or isolation markers to distinguish scraped web content from agent instructions.
- Capability inventory: The skill executes local Python scripts and writes data to the file system at
memory/research/. - Sanitization: There is no mention of content sanitization or filtering before the scraped markdown is processed by the model.
- [COMMAND_EXECUTION]: The skill utilizes a local Python script to perform web scraping and data gathering tasks.
- Evidence:
python3 "${CLAUDE_PLUGIN_ROOT}/scripts/connectors/firecrawl.py" scrape <competitor-url> - Context: The script is part of the skill's infrastructure and leverages the well-known Firecrawl service for rendering and mapping external website content.
Audit Metadata