algo-seo-tfidf
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions do not contain any attempts to override agent behavior, bypass safety filters, or extract system prompts. The language is strictly instructional and related to the SEO domain.- [DATA_EXFILTRATION]: No hardcoded credentials, sensitive file paths, or network operations were found. The Python script operates locally on data provided via a JSON input file.- [REMOTE_CODE_EXECUTION]: No external package installations or remote script executions (e.g., curl|bash) are present. The script uses only the Python standard library.- [COMMAND_EXECUTION]: The script
scripts/tfidf.pyimplements mathematical logic for scoring and does not use dangerous functions likeeval(),exec(), orsubprocessto execute arbitrary commands.- [OBFUSCATION]: No hidden content, encoded strings, or homoglyph substitutions were detected in the instructions or the source code.- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process document corpora which could contain untrusted data. - Ingestion points: The skill reads document text from JSON files in the
scripts/tfidf.pyscript. - Boundary markers: None explicitly defined in the prompts, though data is expected in a structured JSON format.
- Capability inventory: The skill's capabilities are restricted to text tokenization and mathematical scoring; it lacks file-writing, network access, or system command capabilities.
- Sanitization: The script tokenizes input using alphanumeric regex and lowercasing, which effectively treats the data as passive text strings rather than instructions.
Audit Metadata