competitive-teardown
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is focused on product and business research. No security findings related to credential theft, data exfiltration, or malicious command execution were detected. The use of well-known professional platforms (LinkedIn, G2, Reddit) as information sources is standard for this task category.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection due to its core function of processing untrusted web content from competitor sites.
- Ingestion points: External data retrieved through the
WebSearchandWebFetchtools as specified inSKILL.md. - Boundary markers: The skill does not provide explicit delimiters or "ignore previous instructions" safety wrappers for the fetched external content.
- Capability inventory: Capabilities are limited to
WebSearch,WebFetch, andRead(of local templates); no high-risk capabilities like arbitrary shell execution or system-wide file writes are requested. - Sanitization: No specific validation or filtering of external content is defined in the instructions, relying on the underlying agent's safety guardrails.
Audit Metadata