competitor-positioning
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from competitor websites (Steps 4 and 5) using
nimble extract. This data is processed by LLM-powered sub-agents to identify positioning and marketing themes. An attacker controlling a target website could embed malicious instructions to manipulate the agent's analysis or output. - Ingestion points:
nimble extractresults from external competitor domains (SKILL.md). - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the agent prompts when handling raw extracted content.
- Capability inventory: The skill has access to Bash execution, file system read/write in the home directory, and the ability to spawn sub-agents with bypassed permissions.
- Sanitization: No sanitization or validation of the extracted web content is performed before processing.
- [EXTERNAL_DOWNLOADS]: The onboarding instructions (references/profile-and-onboarding.md) guide users to install the Nimble CLI via
npm install -g @nimbleway/cli. While this is a vendor-provided tool, it involves downloading and installing external software. - [COMMAND_EXECUTION]: The skill relies heavily on the
Bashtool to interact with the Nimble CLI, perform file system operations (mkdir,ls,cat), and execute Python scripts for date calculations. These operations are restricted to the~/.nimble/directory but represent a high-privilege execution environment. - [DYNAMIC_EXECUTION]: In Step 5, the skill spawns sub-agents using
mode: "bypassPermissions"and inlines a prompt template fromreferences/positioning-agent-prompt.mdwhich is populated with runtime data. This creates a chain of dynamic execution for processing web data.
Audit Metadata