marketing-competitor-profiling
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external content from competitor websites, which introduces a surface for indirect prompt injection.
- Ingestion points: Scraped content from arbitrary competitor URLs is pulled into the agent context in Phase 1 (SKILL.md).
- Boundary markers: The instructions do not specify any delimiters or warnings to the agent to treat scraped content as untrusted, potentially allowing embedded malicious instructions to influence behavior.
- Capability inventory: The skill possesses file-write capabilities (saving profiles to the local directory) and network capabilities (making further API calls), which could be leveraged if an injection is successful.
- Sanitization: Scraped content is synthesized directly into markdown profiles without prior sanitization or filtering.
- [EXTERNAL_DOWNLOADS]: The skill is designed to retrieve data from external web pages and marketing APIs (Firecrawl, DataForSEO) as part of its documented workflow.
Audit Metadata