Skills
skills/affitor/affiliate-skills/traffic-analyzer/Gen Agent Trust Hub

traffic-analyzer

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes web_search and web_fetch to gather traffic data for specified domains. These operations are core to the skill's purpose and are used to retrieve information from public sources.
  • [EXTERNAL_DOWNLOADS]: The skill connects to similarweb.com to extract metrics. As SimilarWeb is a well-known technology service, this interaction is considered a safe and standard use of external resources for analytics.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from external web pages and search snippets. Maliciously crafted content on these pages could attempt to influence the agent's summary or verdict. Evidence:
  • Ingestion points: Data enters the agent context via web_search and web_fetch in the 'Gather Traffic Data' step (SKILL.md).
  • Boundary markers: None are defined to separate the untrusted web content from the agent's instructions.
  • Capability inventory: The agent uses this data to generate a markdown report and actionable recommendations using local reasoning.
  • Sanitization: No explicit sanitization or validation of the fetched web content is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 08:53 AM