eliteforge-competitive-analysis
Warn
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute system shell commands for file downloading and document conversion, specifically mentioning
curl,pdftotext, andpandocin thereferences/data-collection.mdfile. - [EXTERNAL_DOWNLOADS]: The research workflow involves fetching binary documents (PDF, DOCX, PPTX) from arbitrary external URLs found during search engine queries to the local filesystem.
- [REMOTE_CODE_EXECUTION]: The skill explicitly directs the agent to install external packages and software on the host system using
pipandbrew(e.g.,pip install pdfplumber,brew install pandoc), which introduces supply chain risks and potential system compromise. - [PROMPT_INJECTION]: The skill has a significant surface for indirect prompt injection due to the ingestion of untrusted external content from scraped websites and converted documents without sanitization.
- Ingestion points: Scraped HTML and Markdown content, and text converted from external PDF, DOCX, and PPTX files.
- Boundary markers: Absent. No specific instructions are provided to the agent to treat external content as untrusted data or to use delimiters.
- Capability inventory: High-risk actions including shell execution (
curl,pip,brew), local file writing, and automated internet searching. - Sanitization: Absent. No content validation, filtering, or escaping steps are implemented before the agent processes and summarizes the data.
Audit Metadata