competitor-intel
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a structured framework for competitor research using public web data.
- [DATA_EXPOSURE]: No hardcoded credentials, API keys, or access to sensitive local files (e.g., SSH keys, AWS configs) were found. The skill operates exclusively on public web data.
- [PROMPT_INJECTION]: No instructions were found that attempt to bypass AI safety guardrails, extract system prompts, or override system instructions.
- [REMOTE_CODE_EXECUTION]: The skill does not contain any patterns for downloading and executing untrusted code or scripts from the internet. All operations are conducted via pre-defined tools.
- [DATA_EXFILTRATION]: Network activity is restricted to the intended purpose of the skill (accessing public web pages and SEO APIs via defined tools). No evidence of exfiltrating private user data to external servers was identified.
- [OBFUSCATION]: The instructions and references are written in clear, plain text with no hidden characters, Base64 encoding, or other obfuscation techniques.
- [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The skill ingests untrusted content from competitor websites, blog posts, social media (Instagram, TikTok, Twitter), and community forums (Reddit) via various scraping tools in Phase 3 of the workflow.
- Boundary markers: The skill does not explicitly define markers to separate untrusted data from instructions, but it follows strict report templates.
- Capability inventory: Capabilities are limited to data synthesis and brief generation; no high-risk tools like local command execution or sensitive file-system writing are present.
- Sanitization: No specific sanitization or filtering of the ingested content is mentioned, which is common for summarization tasks.
Audit Metadata