seo-technical
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run local Python scripts (pagespeed_check.py, crux_history.py, gsc_inspect.py) using user-provided URLs as command-line arguments. This pattern presents a command injection risk if the URLs are not sanitized before being passed to the shell.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process data from untrusted external sources, including website HTML, robots.txt files, and XML sitemaps. Ingestion points: External URLs provided for audit, including the content of robots.txt, sitemaps, and page source code. Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions within the fetched web data. Capability inventory: The skill utilizes subprocess calls to execute Python scripts and interacts with external APIs (DataForSEO, Google APIs) via MCP tools. Sanitization: Absent; the instructions do not include requirements for validating, escaping, or filtering content retrieved from the target websites.
Audit Metadata