competitive-analysis
Warn
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands such as `pdftotext`, `pandoc`, and `curl` to fetch and process external documents. These commands are executed on files downloaded from arbitrary URLs found via search engines. (File: `references/data-collection.md`)
- [REMOTE_CODE_EXECUTION]: The instructions explicitly permit the agent to modify its environment by installing external software packages using `brew install` (poppler, pandoc) and `pip install` (pdfplumber, python-docx, python-pptx) if they are not already present. (File: `references/data-collection.md`)
- [EXTERNAL_DOWNLOADS]: The skill uses `curl -L -o` to download binary files (PDF, DOCX, PPTX) from unverified external URLs identified during the search phase. (File: `references/data-collection.md`)
- [INDIRECT_PROMPT_INJECTION]: The skill processes large volumes of untrusted data from the web and external files (Phase 1-3). It lacks mandatory boundary markers or specific sanitization instructions to prevent embedded malicious instructions in those files from overriding the agent's primary mission. (File: `SKILL.md`, `references/data-collection.md`)
  - Ingestion points: Web scraping via `scrape_as_html` and `scrape_as_markdown`; file reading via converted Markdown from `pdftotext` and `pandoc`.
  - Boundary markers: Absent. The skill does not define specific delimiters or instructions to ignore commands within the gathered data.
  - Capability inventory: Shell execution for `curl`, `brew`, `pip`, `pdftotext`, and `pandoc`.
  - Sanitization: The skill relies on the agent to "extract key information" but provides no technical sanitization or validation of the content.
Audit Metadata