competitor-watch
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
mcp__scheduled-tasks__create_scheduled_tasktool to establish automated, recurring persistence for the competitive intelligence scan. - [COMMAND_EXECUTION]: Local state and persistent configuration (watchlist and baselines) are maintained by writing files to the local directory
~/.claude/competitor-watch/. - [DATA_EXFILTRATION]: Strategic reports and competitive insights are transmitted to external Slack channels using the
mcp__a8f5bb61-0837-408d-a165-744ad0d8d236__slack_send_messagetool. - [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection via the processing of untrusted external content from ad transcripts.
- Ingestion points: Creative transcripts are fetched from external ad sources using the
mcp__motion__get_creative_transcripttool. - Boundary markers: The instructions do not provide explicit delimiters or instructions to treat external transcript content as data rather than instructions.
- Capability inventory: The agent has the ability to write to the file system, send messages via Slack, and create scheduled tasks.
- Sanitization: No filtering or validation of the fetched transcript text is performed before the content is processed for strategic theme extraction.
Audit Metadata