pricing-packaging-planner
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process untrusted external data, such as competitor pricing pages.
- Ingestion points: Data enters the agent context through user-pasted text or content fetched via the
firecrawl.pyconnector. - Boundary markers: The skill includes an explicit instruction to treat all external documents as untrusted input and directs the agent to ignore any instructions embedded within that content.
- Capability inventory: The skill utilizes a local script (
firecrawl.py) for data acquisition and performs file-write operations to thememory/directory. - Sanitization: The instructions specifically mandate that the agent must not follow instructions found in external or pasted content, effectively establishing a security boundary.
- [COMMAND_EXECUTION]: The skill invokes a local script
scripts/connectors/firecrawl.py. This is identified as a vendor-specific utility used for web crawling to support its primary function of market research. As a local tool within the skill's infrastructure, it does not represent an external code execution risk.
Audit Metadata