content-gap-analysis

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes bundled Python scripts (firecrawl.py and rss_monitor.py) via the shell to perform web scraping and trend monitoring. These scripts are part of the author's provided toolset for the skill.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from external sources, including competitor websites and public RSS feeds (Google Trends, Hacker News, Reddit). This network activity is a primary functional requirement for content gap analysis.
  • [PROMPT_INJECTION]: The skill ingests untrusted content from external URLs, which creates a surface for indirect prompt injection where malicious instructions could be embedded in the scraped data.
  • Ingestion points: Competitor URLs mapped by Firecrawl and RSS feed content from the trend scout.
  • Boundary markers: The instructions do not define specific delimiters or "ignore" instructions for the agent when processing external content.
  • Capability inventory: The skill can execute local Python scripts and write results to the memory/ directory.
  • Sanitization: There are no explicit instructions for the agent to sanitize or escape the external content before processing (Category 8).
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:34 AM
Security Audit — agent-trust-hub — content-gap-analysis