seo-engine
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its architecture of fetching and processing untrusted external content.
  - Ingestion points: Content is ingested via scripts/prepare_input/fetch_html.py, fetch_robots_txt.py, and fetch_sitemap.py, which download raw data from URLs provided by the user.
  - Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore embedded commands within the fetched HTML or text content.
  - Capability inventory: The skill possesses network capabilities (requests.get), file system write access (saving audit results), and browser automation capabilities via Selenium (scripts/hidden_text_detection/hidden_text_detection.py).
  - Sanitization: The skill uses BeautifulSoup for parsing, but the extracted text is passed directly into the agent's context for rule evaluation, allowing hidden instructions in the target website to potentially hijack the session.
- [COMMAND_EXECUTION]: Several scripts (hidden_text_detection.py, keyword_stuffing_detection.py) use Selenium to launch a headless Chrome instance. This involves subprocess execution of the web driver and interaction with arbitrary JavaScript from external websites, which increases the attack surface if the browser is exploited.
- [EXTERNAL_DOWNLOADS]: The skill requires several third-party Python packages as defined in scripts/pyproject.toml, including selenium, beautifulsoup4, lxml, webdriver-manager, requests, and google-api-python-client. These are standard tools for the skill's intended SEO auditing purpose.
Audit Metadata