seo-pseo-planner
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill describes a process for gathering content via web scraping and user-generated content (Step 3), which introduces a vulnerability to indirect prompt injection where malicious instructions on external sites could influence the agent.
- Ingestion points: External data is ingested through the webfetch tool and local file reading.
- Boundary markers: The skill lacks instructions to use delimiters or ignore instructions embedded in the collected data.
- Capability inventory: The agent is authorized to use sensitive tools including mcp__gsc__search_analytics and Write, which increases the impact if the agent follows malicious external instructions.
- Sanitization: No procedures for sanitizing or validating external data are mentioned in the framework.
Audit Metadata