pricing-packaging-planner

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process untrusted external data, such as competitor pricing pages.
  • Ingestion points: Data enters the agent context through user-pasted text or content fetched via the firecrawl.py connector.
  • Boundary markers: The skill includes an explicit instruction to treat all external documents as untrusted input and directs the agent to ignore any instructions embedded within that content.
  • Capability inventory: The skill utilizes a local script (firecrawl.py) for data acquisition and performs file-write operations to the memory/ directory.
  • Sanitization: The instructions specifically mandate that the agent must not follow instructions found in external or pasted content, effectively establishing a security boundary.
  • [COMMAND_EXECUTION]: The skill invokes a local script scripts/connectors/firecrawl.py. This is identified as a vendor-specific utility used for web crawling to support its primary function of market research. As a local tool within the skill's infrastructure, it does not represent an external code execution risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:34 AM
Security Audit — agent-trust-hub — pricing-packaging-planner