gr-competitor

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from arbitrary external URLs.
      • Ingestion points: Data is pulled from external URLs via the actionbook extract command described in SKILL.md.
      • Boundary markers: Absent. The instructions do not define specific delimiters or provide warnings to the agent to ignore instructions embedded within the scraped HTML/text.
      • Capability inventory: The agent uses shell commands to interact with the actionbook CLI and synthesizes reports based on the extracted data.
      • Sanitization: Absent. There is no evidence of filtering or sanitization of the scraped content before it is processed by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external third-party utility.
      • Evidence: Instructions in SKILL.md direct the user to run npm install -g @actionbookdev/cli or use npx @actionbookdev/cli.
      • Context: The package is the core engine for the skill's functionality, but it is hosted on a public registry and managed by an external entity.
  • [COMMAND_EXECUTION]: The skill relies on shell commands to perform its primary tasks.
      • Evidence: Commands such as actionbook search, actionbook extract, and actionbook browser start are invoked to interact with the local environment and the web.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 04:09 AM