competitor-teardown

Pass

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the web for analysis, which represents a surface for indirect prompt injection.
      • Ingestion points: External data enters through tavily/search-assistant, exa/search, and tavily/extract (SKILL.md).
      • Boundary markers: None identified in the provided templates to isolate external content from instructions.
      • Capability inventory: The agent can execute Python code (infsh/python-executor), browse websites (infsh/agent-browser), and manipulate files (infsh/stitch-images).
      • Sanitization: No sanitization logic is present for the retrieved external content.
  • [COMMAND_EXECUTION]: Executes Python code via an internal tool to generate visualization artifacts like positioning maps. The code is hardcoded as a template within the documentation.
  • [EXTERNAL_DOWNLOADS]: Directs users to install CLI utilities from the inference-sh GitHub repository and provides links to setup documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 22, 2026, 04:24 AM
Security Audit — agent-trust-hub — competitor-teardown