competitor-analyzer

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFE [PROMPT_INJECTION]
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing untrusted data from external sources.
      • Ingestion points: The scripts/competitor_analyzer.py script fetches product titles, brand names, and category data from external Amazon Search and Keepa API endpoints.
      • Boundary markers: Absent. The markdown report structure defined in SKILL.md does not use delimiters or explicit instructions to the agent to ignore or isolate instructions found within the retrieved data.
      • Capability inventory: The skill is configured with allowed-tools: [Bash, Read, Write]. This high level of system access increases the potential impact if the agent incorrectly executes instructions embedded in product data.
      • Sanitization: Absent. The script performs no escaping or filtering of the retrieved API data before interpolating it into the final markdown output presented to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 28, 2026, 07:06 AM