competitor-pages
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection by ingesting untrusted data from the web.
  - Ingestion points: The competitor-scraper.py script retrieves content from public competitor URLs which is then processed by the agent.
  - Boundary markers: The instructions do not define explicit delimiters or instructions to ignore embedded commands within the scraped content.
  - Capability inventory: The skill has capabilities to read local filesystem data (~/.claude-marketing/), execute internal scripts, and generate schema markup.
  - Sanitization: While the process mentions "Accuracy verification" and a "brand-guardian" agent, there is no evidence of technical sanitization or filtering of the raw external content before it is interpolated into the agent's context.
- [COMMAND_EXECUTION]: The skill explicitly references and utilizes several Python scripts (schema-generator.py, competitor-scraper.py, content-scorer.py). These scripts represent the primary functional logic but also define the skill's execution boundary.
- [DATA_EXFILTRATION]: The skill accesses local configuration and profile files located at ~/.claude-marketing/brands/. While these appear to be application-specific files for brand management, the access to absolute paths outside of the immediate project directory is a designated behavior for data exposure analysis.
Audit Metadata