Skills
skills/varnan-tech/opendirectory/map-your-market/Gen Agent Trust Hub

map-your-market

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill manages its workflow using local Python and shell commands.
  • Instructions in SKILL.md use python3 to orchestrate input processing and report generation.
  • The skill executes scripts/fetch.py to perform the core data collection task.
  • It manages files in /tmp and saves final research reports to the docs/market-maps/ folder.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to collect market signals from public platforms.
  • It connects to www.reddit.com, hn.algolia.com, api.github.com, and www.g2.com using the standard Python urllib library.
  • Best Practice Violation: The scripts/fetch.py script uses ssl._create_unverified_context(), which disables SSL certificate verification for its network connections.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted user-generated content.
  • Ingestion points: Data is fetched from Reddit posts, HN comments, and GitHub issues.
  • Boundary markers: The collected data is analyzed by the AI without explicit delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill can execute local scripts and write files to the repository.
  • Sanitization: Content is truncated for length but is not sanitized for malicious injection patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 05:52 PM
Security Audit — agent-trust-hub — map-your-market