seo-cluster
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local helper scripts, specifically
scripts/fetch_page.pyandscripts/dataforseo_costs.py. These scripts are used for routine tasks such as validating URLs and checking API cost estimates for search data. - [EXTERNAL_DOWNLOADS]: The skill performs network requests to retrieve search engine result data from WebSearch or the DataForSEO API. These operations are consistent with the skill's primary purpose of SERP-based semantic clustering and do not involve downloading or executing untrusted code.
- [DATA_EXFILTRATION]: While the skill fetches external content, the documentation specifies the use of URL validation to prevent SSRF and unauthorized data access. There is no evidence of sensitive data, such as credentials or environment variables, being sent to external locations.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests data from external search results and local SEO strategy files (documented in SKILL.md and Step 6). However, the skill lacks high-severity capabilities that could be exploited via these inputs, and it emphasizes structured data processing (JSON link matrices) which reduces the risk of malicious instruction obedience.
Audit Metadata