Skills
skills/aaaaqwq/agi-super-team/seo-geo/Gen Agent Trust Hub

seo-geo

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill requires sensitive API credentials (DATAFORSEO_LOGIN, DATAFORSEO_PASSWORD) to be stored as environment variables. These are retrieved by scripts/credential.py and used for authenticated requests to a third-party service.
  • [EXTERNAL_DOWNLOADS]: The scripts/seo_audit.py script fetches HTML content from arbitrary user-provided URLs using urllib.request. This is a core feature for auditing website SEO but involves making outbound network requests to untrusted sources.
  • [DATA_EXFILTRATION]: Multiple scripts (e.g., keyword_research.py, backlinks.py) send search keywords, domain names, and authentication headers to the DataForSEO API (https://api.dataforseo.com/v3). While this is the intended purpose of the skill, it involves transmitting data to an external third-party provider.
  • [REMOTE_CODE_EXECUTION]: A dangerous command pattern (curl -fsSL example.com/install.sh | bash) is present in references/schema-templates.md. Although it appears as an example within an FAQ schema template, the presence of such patterns in the skill's knowledge base carries a risk of being suggested or misused.
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md prompt the execution of Python scripts and curl commands using parameters like URLs and keywords provided during the session. This presents a potential surface for command injection if input parameters are not correctly handled by the agent.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its data ingestion surface.
  • Ingestion points: scripts/seo_audit.py reads the title, meta tags, and H1 content from arbitrary external websites.
  • Boundary markers: The script output does not use delimiters to isolate untrusted web content from the agent's instructions.
  • Capability inventory: The skill can execute shell commands, run local Python scripts, and perform network operations.
  • Sanitization: No sanitization is performed on the extracted HTML content; it is presented directly to the agent context after regex parsing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 07:00 AM