programmatic-seo-planner
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides examples for running local Python scripts to catalog competitor websites and scrape data from social media. These commands are restricted to local paths and serve the skill's primary research purpose.
- [EXTERNAL_DOWNLOADS]: The skill recommends using established SEO industry providers such as DataForSEO, Keywords Everywhere, SEMrush, Ahrefs, and Apify. These are recognized, well-known services and do not represent a security risk.
- [PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface due to its data ingestion from Reddit and competitor websites. Ingestion points: Scraped content from web pages and Reddit threads via local scripts. Boundary markers: The prompt does not specify delimiters or instructions to ignore embedded commands in the retrieved data. Capability inventory: The skill uses local scripts for automated data collection. Sanitization: No explicit sanitization or validation of the retrieved external content is mentioned.
Audit Metadata