competitor-teardown

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Utilizes the vendor-specific belt CLI for market research and browser automation. It also uses npx to install additional skills from the author's own repository.
  • [EXTERNAL_DOWNLOADS]: Links to installation instructions for the belt CLI hosted on the author's official GitHub repository.
  • [REMOTE_CODE_EXECUTION]: Employs a static Python script for generating competitive positioning maps. The script is executed via a specialized vendor tool and uses the standard matplotlib library.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface due to its data ingestion capabilities.
    • Ingestion points: Retrieves content from the live web via tavily/search-assistant, exa/search, and infsh/agent-browser (SKILL.md).
    • Boundary markers: The instructions lack delimiters or constraints to prevent the agent from following malicious instructions found within the retrieved web data.
    • Capability inventory: The skill allows the agent to execute code via infsh/python-executor and perform image processing via infsh/stitch-images (SKILL.md).
    • Sanitization: No sanitization or filtering mechanisms are specified for the untrusted external content before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 10:25 PM