competitive-intel-brief

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill is configured to access sensitive internal data, including marketing strategy documents ('product-marketing-context', 'brand-voice-guide') and internal Slack communications via the 'slack_search_public_and_private' tool. These operations are essential for its primary function of generating competitive intelligence and are clearly disclosed in the skill's instructions.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses an inherent attack surface for indirect prompt injection because it processes untrusted data from external sources.
      • Ingestion points: External web content fetched via 'web_search' and 'web_fetch', as well as GitHub Atom release feeds.
      • Boundary markers: The instructions do not define explicit boundary markers or delimiters (e.g., XML tags or backticks) to separate untrusted external content from the agent's system instructions.
      • Capability inventory: The agent has the capability to write summaries to an internal database ('manage_intel_records'), read internal Slack messages, and search internal marketing repositories ('Tiger Den').
      • Sanitization: Although the skill truncates external content (e.g., first 500 characters of release notes), it does not perform sanitization to detect or neutralize embedded instructions meant to manipulate the agent's behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 07:20 AM