seo-ecommerce
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several local Python scripts (e.g., scripts/fetch_page.py, scripts/dataforseo_merchant.py) to execute its workflows. These operations are restricted to the local environment and are used to process user-provided URLs and keywords.
- [EXTERNAL_DOWNLOADS]: The skill interacts with the DataForSEO Merchant API to retrieve marketplace data from Google Shopping and Amazon. This is the primary function of the skill and is protected by a mandatory cost-check mechanism (scripts/dataforseo_costs.py) that requires user approval for high-cost or specific marketplace endpoints.
- [DATA_EXFILTRATION]: No patterns of unauthorized data exfiltration were detected. The network operations are limited to well-defined SEO data providers and user-specified product pages.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external URLs via fetch_page.py and parse_html.py for SEO analysis. While this represents a potential surface for indirect prompt injection (e.g., malicious instructions hidden in a product page's HTML), the agent's tasks are scoped to extracting specific SEO elements like schema, headings, and metadata, which reduces the risk of malicious instruction execution.
  - Ingestion points: External HTML content is ingested through the fetch_page.py script (called in SKILL.md).
  - Boundary markers: None explicitly defined in the workflow description.
  - Capability inventory: Limited to file reading (HTML parsing) and API network calls; no dynamic code execution (eval/exec) is present.
  - Sanitization: The skill uses a dedicated parsing script (scripts/parse_html.py) to extract structured SEO elements, providing a layer of normalization for the ingested data.