competitor-price-selling-point-watch

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill files. The skill performs intended business logic via a documented external API.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the service at https://ai-skills.ai. This communication is necessary for the skill's primary function and targets the developer's official domain.
  • [CREDENTIALS_UNSAFE]: The skill utilizes an API key (AISKILLS_API_KEY) for service authentication. The key is managed via environment variables, adhering to standard security practices for credential handling. There are no hardcoded secrets in the code.
  • [PROMPT_INJECTION]: The skill processes untrusted external data including product links, text snapshots, and file uploads which constitutes an indirect prompt injection surface.
  • Ingestion points: Untrusted data enters via the competitorLinks, competitorSnapshot, and watchFile parameters in SKILL.md and references/form-schema.json.
  • Boundary markers: Explicit boundary markers or instructions to ignore embedded commands are not present in the instructions.
  • Capability inventory: The skill's functionality is limited to making authenticated HTTPS requests to the provider's API via the scripts/run.py script. It does not perform local file writes or execute arbitrary shell commands.
  • Sanitization: Input sanitization is not explicitly implemented in the client-side scripts; data validation is expected to be handled by the backend API service.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — competitor-price-selling-point-watch