industry-scanner
Warn
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes shell commands in SKILL.md (Phase 2) by directly interpolating values from the client's configuration file (clients/<client>/config/industry-scanner.json). Parameters such as blog_urls, subreddits, reddit_keywords, twitter_query, hn_query, and review_url are passed as arguments to python3 scripts. If these configuration fields contain shell metacharacters or maliciously crafted strings, it could lead to arbitrary command execution on the host system.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests large volumes of untrusted data from various external platforms to generate strategic business advice and tactics.
- Ingestion points: Phase 2 of SKILL.md documents data collection from web searches, industry blogs, Reddit, Twitter/X, LinkedIn, Hacker News, RSS feeds, newsletter inboxes, and review sites (G2, Capterra, Trustpilot).
- Boundary markers: None. The instructions do not specify the use of delimiters or 'ignore' instructions for the fetched content during the categorization and strategy generation phases.
- Capability inventory: The agent can execute shell commands to trigger scrapers (Phase 2) and write report files to the local file system (Phase 5).
- Sanitization: None. There is no evidence of sanitization, filtering, or validation of the external content before it is processed by the LLM for relevance rating and opportunity generation.
Audit Metadata