company-intel
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
orth runcommand-line utility to interact with various data providers (brand-dev, fiber, scrapegraph). This involves executing shell commands with parameters derived from user-provided company information. - [EXTERNAL_DOWNLOADS]: The skill retrieves data from multiple external services and performs automated web scraping of company websites to extract pricing and product information.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted content from the web.
- Ingestion points: Scraped data from company websites via the
scrapegraphtool (SKILL.md). - Boundary markers: None present to distinguish scraped content from instructions.
- Capability inventory: Execution of shell commands via
orth runand file access toMEMORY.md(SKILL.md). - Sanitization: No sanitization or validation of the content returned by the scraper is implemented.
Audit Metadata