expansion-signal-spotter
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill processes sensitive business and customer information, including ARR/MRR data, customer lists, and contact details. The combination of access to this internal data and the use of tools with network capabilities like `web_search` and `fetch_webpage` presents a risk of data exposure or exfiltration.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the public web to generate summaries and talk tracks.
  - Ingestion points: External company websites, career pages, and news sources fetched via `web_search` and `fetch_webpage` in SKILL.md.
  - Boundary markers: Absent; there are no instructions provided to the agent to treat fetched data as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill has file-write permissions (saving reports to the local directory) and network access via tools.
  - Sanitization: Absent; the instructions do not include any steps for sanitizing or validating external content before it is processed by the LLM.
- [COMMAND_EXECUTION]: The skill documentation suggests setting up a cron job that executes a local Python script (`run_skill.py`), which involves executing code on the host machine to automate the monitoring tasks.