competitor-analysis

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external websites via the Firecrawl connector, creating a surface for indirect prompt injection where adversarial instructions on a competitor's page could influence the agent's analysis.
  • Ingestion points: Scrapes external competitor URLs and domains using the firecrawl.py connector as documented in SKILL.md.
  • Boundary markers: The instructions do not specify the use of delimiters or isolation markers to distinguish scraped web content from agent instructions.
  • Capability inventory: The skill executes local Python scripts and writes data to the file system at memory/research/.
  • Sanitization: There is no mention of content sanitization or filtering before the scraped markdown is processed by the model.
  • [COMMAND_EXECUTION]: The skill utilizes a local Python script to perform web scraping and data gathering tasks.
  • Evidence: python3 "${CLAUDE_PLUGIN_ROOT}/scripts/connectors/firecrawl.py" scrape <competitor-url>
  • Context: The script is part of the skill's infrastructure and leverages the well-known Firecrawl service for rendering and mapping external website content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:34 AM
Security Audit — agent-trust-hub — competitor-analysis