Skills
skills/gooseworks-ai/goose-skills/battlecard-generator/Gen Agent Trust Hub

battlecard-generator

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection risk due to the ingestion and processing of untrusted external data.
  • Ingestion points: The skill fetches competitor website content, social media posts, and public reviews from platforms like G2 and Capterra using tools such as fetch_webpage, web_search, and review-site-scraper (referenced in SKILL.md Phase 1).
  • Boundary markers: The instructions lack explicit boundary markers or directions for the agent to ignore or isolate instructions that may be embedded in the external content fetched during the research phase.
  • Capability inventory: The skill instructs the agent to write the finalized battlecard to the local filesystem (Save to clients/...).
  • Sanitization: There is no evidence of sanitization or validation of the external content before it is processed by the agent to generate the final report.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 10:48 AM