seo-maps
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external content, including business websites (via WebFetch) and user reviews (via DataForSEO Reviews API). This creates a surface for indirect prompt injection where malicious instructions embedded in a website or a review could attempt to influence the agent's behavior during analysis.
- Ingestion points: Website HTML content is fetched in the GBP Profile Audit (Tier 0) and Cross-Platform NAP Verification workflows. User reviews are ingested via the DataForSEO Reviews API.
- Boundary markers: The skill does not explicitly define delimiters or instructions to the agent to disregard embedded commands in the processed data.
- Capability inventory: The skill uses network tools (WebFetch, DataForSEO MCP) to gather data. No local file write or shell command execution capabilities were identified in the analyzed files.
- Sanitization: No explicit sanitization or filtering of external content is specified before the agent processes it for sentiment or audit analysis.
Audit Metadata