technical-seo-checker
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest untrusted external data such as robots.txt files and XML sitemaps using the WebFetch tool. While this presents a theoretical surface for indirect prompt injection, the skill employs safe practices by instructing the agent to wrap this content in markdown code blocks, which serves as a boundary marker. Furthermore, the skill's capabilities are restricted by the 'allowed-tools' configuration, preventing the execution of any commands that might be embedded in the fetched data.
- [DATA_EXPOSURE_&_EXFILTRATION]: No evidence of credential harvesting, access to sensitive local files (like .ssh or .env), or unauthorized network communication was found. The use of WebFetch is limited to the primary purpose of auditing public SEO resources.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute external scripts, nor does it require any system package installations.
- [OBFUSCATION]: All content, including reference materials and audit templates, is provided in clear, human-readable markdown without any encoding or hidden characters.
Audit Metadata