battlecard-generator
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection because it is designed to ingest and process data from uncontrolled external environments.
- Ingestion points: The skill instructs the agent to fetch content from competitor homepages, pricing pages, G2/Capterra reviews, and social media posts (Reddit/Twitter) in SKILL.md.
- Boundary markers: Absent. There are no instructions to use delimiters or ignore instructions found within the research data, making the agent vulnerable to following commands embedded in external content.
- Capability inventory: The skill uses web_search, fetch_webpage, and file system write operations to save the generated battlecards.
- Sanitization: Absent. External content is processed and formatted into the output without validation or sanitization.
- [DATA_EXFILTRATION]: The skill asks users to provide sensitive internal business intelligence, specifically 'Known win/loss signals' and 'Existing positioning'. While relevant to the task, this data is stored in the agent's context and could be targeted for exfiltration if the agent is compromised by malicious instructions found during the research phase.
Audit Metadata