competitor-teardown
Pass
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from the web for analysis, which represents a surface for indirect prompt injection.
  - Ingestion points: External data enters through `tavily/search-assistant`, `exa/search`, and `tavily/extract` (SKILL.md).
  - Boundary markers: None identified in the provided templates to isolate external content from instructions.
  - Capability inventory: The agent can execute Python code (`infsh/python-executor`), browse websites (`infsh/agent-browser`), and manipulate files (`infsh/stitch-images`).
  - Sanitization: No sanitization logic is present for the retrieved external content.
- [COMMAND_EXECUTION]: Executes Python code via an internal tool to generate visualization artifacts like positioning maps. The code is hardcoded as a template within the documentation.
- [EXTERNAL_DOWNLOADS]: Directs users to install CLI utilities from the `inference-sh` GitHub repository and provides links to setup documentation.
Audit Metadata