The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of auditing untrusted external content.
Ingestion points: The content input schema in SKILL.md accepts raw markdown, HTML, or URLs for analysis.
Boundary markers: The instructions lack explicit delimiters (e.g., XML tags) or system instructions to ignore embedded commands within the fetched content.
Capability inventory: The skill uses web_search and web_browse to analyze competitors and fetches content from user-provided URLs.
Sanitization: There is no mention of sanitization or filtering of the input content before processing.

seo-audit