competitor-teardown
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
belt-sh/clitool and add supplementary skills from theinference-shorganization. These resources are necessary for the skill to function as intended within its target platform. - [COMMAND_EXECUTION]: The skill uses the
beltCLI to run several automated tasks, including market research queries via Tavily and Exa, and website screenshotting via a headless browser agent. Access is restricted to thebelttool via theallowed-toolsconfiguration in the frontmatter. - [COMMAND_EXECUTION]: Includes a Python script template used to generate a 2x2 competitive positioning map with the
matplotliblibrary. This script is intended to be executed through the platform's Python executor tool. - [PROMPT_INJECTION]: By design, the skill processes information from external websites and search results to build reports. This creates an interface for indirect prompt injection if those external sources contain malicious instructions, though this is a standard risk for research-oriented skills.
Audit Metadata