competitive-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from the internet.
      • Ingestion points: Competitor websites are scraped via Playwright's snapshot tool in the sub-agent instructions.
      • Boundary markers: Absent. There are no delimiters or instructions to ignore malicious commands embedded in the scraped HTML or text content.
      • Capability inventory: The main agent has access to Bash, Write, and Agent tools, while sub-agents have the ability to write JSON reports to the file system.
      • Sanitization: No sanitization or validation is applied to the content retrieved from external sites before it is passed to the LLM for extraction.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute several local Python scripts for data merging, CSV-to-XLSX conversion, diff calculation, and summary generation.
  • [EXTERNAL_DOWNLOADS]: The skill's execution algorithm includes a step to install the Playwright MCP tool using npx @playwright/mcp@latest from the public npm registry if the tool is missing. While this targets a well-known service, it involves executing third-party code at runtime.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 09:25 AM