weekly-competitor-tracker
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates exclusively on local markdown files provided by the user. It performs text parsing and diffing using natural language instructions without the use of high-risk tools such as shell execution or network access.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content from external markdown files, which constitutes a potential surface for indirect prompt injection. However, the lack of dangerous capabilities significantly limits the risk.
- Ingestion points: Reads content from files in the `competitors/` folder and `competitors/snapshot/` subfolder (SKILL.md, Step 2 & 3).
- Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands within the files.
- Capability inventory: File read and write access to the local filesystem for generating the `.md` report. No network, shell, or code execution tools are utilized.
- Sanitization: No explicit sanitization or validation of the input file content is defined in the instructions.
Audit Metadata