programmatic-seo-spy
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts to crawl competitor websites and perform data clustering.
- [EXTERNAL_DOWNLOADS]: Fetches data from external competitor websites and interacts with well-known third-party SEO services including DataForSEO, SEMrush, Ahrefs, and Apify.
- [PROMPT_INJECTION]: The skill processes untrusted data from external websites (URL patterns and page content), creating a surface for indirect prompt injection.
- Ingestion points: Competitor sitemaps and webpage content via site-content-catalog and fetch_webpage tools.
- Boundary markers: No explicit delimiters are defined in the analyzed instructions to isolate external content.
- Capability inventory: The skill can execute local scripts and write report files to the filesystem.
- Sanitization: No explicit content sanitization or validation of the retrieved web data is described.
Audit Metadata