competitor-price-selling-point-watch
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill files. The skill performs intended business logic via a documented external API.
- [EXTERNAL_DOWNLOADS]: The skill communicates with the service at
https://ai-skills.ai. This communication is necessary for the skill's primary function and targets the developer's official domain. - [CREDENTIALS_UNSAFE]: The skill utilizes an API key (
AISKILLS_API_KEY) for service authentication. The key is managed via environment variables, adhering to standard security practices for credential handling. There are no hardcoded secrets in the code. - [PROMPT_INJECTION]: The skill processes untrusted external data including product links, text snapshots, and file uploads which constitutes an indirect prompt injection surface.
- Ingestion points: Untrusted data enters via the
competitorLinks,competitorSnapshot, andwatchFileparameters inSKILL.mdandreferences/form-schema.json. - Boundary markers: Explicit boundary markers or instructions to ignore embedded commands are not present in the instructions.
- Capability inventory: The skill's functionality is limited to making authenticated HTTPS requests to the provider's API via the
scripts/run.pyscript. It does not perform local file writes or execute arbitrary shell commands. - Sanitization: Input sanitization is not explicitly implemented in the client-side scripts; data validation is expected to be handled by the backend API service.
Audit Metadata