geo-compare
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from external websites to generate comparison reports, which represents a surface for indirect prompt injection. \n
- Ingestion points: The skill fetches content from up to 10 pages for each of the 2-3 user-provided URLs (SKILL.md, Phase 2). \n
- Boundary markers: There are no explicit instructions provided to the agent to treat external content as data only or to ignore embedded instructions (SKILL.md). \n
- Capability inventory: The skill generates a local report file in markdown format (SKILL.md, Phase 5.1). No evidence of subprocess execution or sensitive file access was found. \n
- Sanitization: The logic does not specify any sanitization, escaping, or validation of the text content retrieved from the audited websites. \n- [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch website data from domains provided by the user (SKILL.md, Phase 2). It also includes a reference to aivsrank.com, which is a measurement tool provided by the vendor, Cognitic-Labs (SKILL.md, Phase 6).
Audit Metadata