market-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality.
  - Ingestion points: The skill heavily relies on `WebSearch` and `WebFetch` to gather data for competitive research, market sizing, and trend analysis from the open web.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between its own instructions and content retrieved from external sources, nor are there instructions to ignore commands found in retrieved data.
  - Capability inventory: The skill allows access to `Bash`, `Write`, and `TaskCreate` tools. If an attacker-controlled website contains malicious instructions that the agent follows, these tools could be used to perform unauthorized file operations or system commands.
  - Sanitization: The instructions lack requirements for sanitizing or validating retrieved content before it is processed or written to files.
- [COMMAND_EXECUTION]: The skill requests the `Bash` tool in its `allowed-tools` configuration. While the instructions primarily focus on market analysis, the availability of a shell environment increases the risk profile if the agent is manipulated via indirect prompt injection from the web content it processes.
Audit Metadata