competitive-analysis

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious behavior detected. The skill's operations align with its stated purpose of market and competitor research.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because its core functionality requires fetching and processing untrusted data from external websites.
  • Ingestion points: The skill instructs the agent to use WebFetch on competitor websites and App Store pages to extract features and pricing.
  • Boundary markers: The instructions do not define specific markers (like XML tags) or instructions to ignore embedded prompts within the fetched content.
  • Capability inventory: The skill has Write permissions to the file system and WebFetch capabilities for network access.
  • Sanitization: No explicit sanitization or validation steps are defined for the fetched external content before it is structured into JSON and written to disk.
  • [DATA_EXFILTRATION]: The skill performs network requests to non-whitelisted domains (competitor websites and App Store) using the WebFetch and WebSearch tools. This behavior is documented and necessary for the skill's primary function of competitive research.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 05:18 PM
Security Audit — agent-trust-hub — competitive-analysis