competitor-signals
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes a local Python script (competitor_signals.py) via the Bash tool to aggregate and score lead data from various sources.
- [EXTERNAL_DOWNLOADS]: Fetches data from established and well-known services including Product Hunt (GraphQL API), Hacker News (Algolia API), and Apify (Product Hunt scraper) to identify potential customers.
- [PROMPT_INJECTION]: The skill processes untrusted third-party content, which introduces a surface for indirect prompt injection.
  - Ingestion points: Website content from competitor case study pages, testimonials, tech press articles, and community comments from forum APIs.
  - Boundary markers: Absent; the agent instructions for manual scraping do not define specific delimiters or instructions to ignore embedded commands in the source text.
  - Capability inventory: The skill has access to web search, network fetching, file system read/write/edit, and shell command execution.
  - Sanitization: Retains a basic HTML cleaning function within the Python script that uses regular expressions to strip tags from retrieved text.
Audit Metadata