serp-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a shell command (
curl ... | python3 -c "...") used to fetch search data and parse it. Technical analysis confirms that the Python code being executed is a static string defined within the skill itself to process JSON data, and not code downloaded from a remote source. - [EXTERNAL_DOWNLOADS]: The skill retrieves data from SerpAPI, which is a well-known and trusted service for providing search engine result data. This behavior is consistent with the skill's primary purpose of SEO analysis.
- [DATA_EXFILTRATION]: No sensitive local data is accessed or transmitted. The skill uses placeholders for API keys (
{key}), ensuring that no user credentials are leaked or hardcoded in the skill definition. - [PROMPT_INJECTION]: The skill ingests external data from search results, which technically creates a surface for indirect prompt injection. However, since the skill only outputs this data for informational purposes and does not use it to trigger further sensitive actions or system commands, the risk is negligible.
Audit Metadata