seo-content-audit
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts, specifically
catalog_content.pyandanalyze_domain.py, via subprocess calls. These scripts are run with domain and keyword parameters derived from user input or context files. \n- [EXTERNAL_DOWNLOADS]: It fetches SEO metrics from well-known services like Semrush and Ahrefs (via Apify) and utilizes WebFetch to download content from arbitrary external websites for analysis. \n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests untrusted text from external websites during the content inventory and brand voice extraction phases. 1. Ingestion points: Phase 2, 4, and 6 (WebFetch/scripts). 2. Boundary markers: Absent. 3. Capability inventory: Subprocess script execution and local file writing. 4. Sanitization: Absent.
Audit Metadata