content-gap-analysis
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes bundled Python scripts (
firecrawl.pyandrss_monitor.py) via the shell to perform web scraping and trend monitoring. These scripts are part of the author's provided toolset for the skill. - [EXTERNAL_DOWNLOADS]: The skill fetches data from external sources, including competitor websites and public RSS feeds (Google Trends, Hacker News, Reddit). This network activity is a primary functional requirement for content gap analysis.
- [PROMPT_INJECTION]: The skill ingests untrusted content from external URLs, which creates a surface for indirect prompt injection where malicious instructions could be embedded in the scraped data.
- Ingestion points: Competitor URLs mapped by Firecrawl and RSS feed content from the trend scout.
- Boundary markers: The instructions do not define specific delimiters or "ignore" instructions for the agent when processing external content.
- Capability inventory: The skill can execute local Python scripts and write results to the
memory/directory. - Sanitization: There are no explicit instructions for the agent to sanitize or escape the external content before processing (Category 8).
Audit Metadata