competitive-analysis
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behavior detected. The skill's operations align with its stated purpose of market and competitor research.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because its core functionality requires fetching and processing untrusted data from external websites.
- Ingestion points: The skill instructs the agent to use
WebFetchon competitor websites and App Store pages to extract features and pricing. - Boundary markers: The instructions do not define specific markers (like XML tags) or instructions to ignore embedded prompts within the fetched content.
- Capability inventory: The skill has
Writepermissions to the file system andWebFetchcapabilities for network access. - Sanitization: No explicit sanitization or validation steps are defined for the fetched external content before it is structured into JSON and written to disk.
- [DATA_EXFILTRATION]: The skill performs network requests to non-whitelisted domains (competitor websites and App Store) using the
WebFetchandWebSearchtools. This behavior is documented and necessary for the skill's primary function of competitive research.
Audit Metadata