seo-flow
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `/seo flow sync` command triggers a local Python script (scripts/sync_flow.py) to manage repository updates. The orchestration logic suggests this process involves the GitHub command-line interface (gh) to check API rate limits and handle authentication.
- [EXTERNAL_DOWNLOADS]: The skill's synchronization mechanism is designed to pull updated markdown templates and framework documentation from the author's public repository (github.com/AgriciDaniel/flow) to ensure the local prompt library remains current.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection, as it ingests and processes content from external, user-specified URLs or topics to perform SEO audits.
  - Ingestion points: External data enters the agent context via URL or topic arguments provided to the `/seo flow` command suite (specifically in the find, leverage, optimize, win, and local stages defined in SKILL.md).
  - Boundary markers: The orchestration logic does not specify the use of delimiters or specific instructions for the agent to disregard embedded directives within the analyzed content.
  - Capability inventory: The skill possesses the ability to read local files and execute shell commands through the synchronization script (scripts/sync_flow.py).
  - Sanitization: No explicit data sanitization or validation steps for the external content are documented in the skill's instructions.
Audit Metadata