competitive-platform-analysis
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No evidence of prompt injection, role-play directives, or safety-bypass instructions was found. The skill maintains a professional instructional tone.
- [DATA_EXFILTRATION]: No sensitive file paths, credential harvesting, or unauthorized network operations were detected. The data sources mentioned (e.g., LinkedIn, Dribbble) are instructional recommendations for the user/agent to browse manually or via standard tools.
- [REMOTE_CODE_EXECUTION]: The skill is composed entirely of Markdown and contains no scripts, package dependencies, or remote code patterns.
- [INDIRECT_PROMPT_INJECTION]: The skill directs the agent to analyze external websites (competitors' sites, portfolio platforms, and review directories) which represents an attack surface for indirect prompt injection. However, the skill explicitly includes a security best practice by instructing the agent to 'verify claims across at least two sources' and 'carry an adversarial-verification discipline into every profile,' which mitigates the risk of acting on potentially malicious content found on external pages.
- [COMMAND_EXECUTION]: No shell commands, privilege escalation attempts, or persistence mechanisms are present.
Audit Metadata