company-intel

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the orth run command-line utility to interact with various data providers (brand-dev, fiber, scrapegraph). This involves executing shell commands with parameters derived from user-provided company information.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves data from multiple external services and performs automated web scraping of company websites to extract pricing and product information.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted content from the web.
  • Ingestion points: Scraped data from company websites via the scrapegraph tool (SKILL.md).
  • Boundary markers: None present to distinguish scraped content from instructions.
  • Capability inventory: Execution of shell commands via orth run and file access to MEMORY.md (SKILL.md).
  • Sanitization: No sanitization or validation of the content returned by the scraper is implemented.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 04:54 AM
Security Audit — agent-trust-hub — company-intel