geo-audit
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data from arbitrary websites which is subsequently processed by AI agents to generate reports and code recommendations. This is a characteristic of the tool's primary function but remains a security consideration.\n
- Ingestion points: Website content is fetched via
scripts/fetch_page.pyandscripts/citability.pyand then passed into the agent context for analysis.\n - Boundary markers: There are no explicit boundary markers or instructions within the skill prompts to sanitize or ignore potential AI instructions embedded in the audited website's content.\n
- Capability inventory: The skill possesses
Write,Edit, andBashcapabilities, allowing it to generate files in thegeo-fixes/directory and recommend changes to project source code based on audited data.\n - Sanitization: While the Python scripts parse the HTML structure, the resulting text and metadata are provided to the agent without specific filtering for malicious prompt injection patterns.\n- [EXTERNAL_DOWNLOADS]: The skill fetches data from external URLs provided by the user at runtime. This network activity is fundamental to its purpose of auditing live websites.\n- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute its internal Python-based analysis suite (e.g.,fetch_page.py,citability.py,technical_seo.py) to process audit data locally.
Audit Metadata