ai-seo-articles
Fail
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: Hardcoded authentication tokens (bearer tokens) were found in configuration, documentation, and script files. These tokens grant access to the vendor's production infrastructure.
- Evidence in
config/blink/COMPANY.md:blnk_60b83e763f3cc1a3a5093566ec8d4422157a1a49c94bf9ad - Evidence in
scripts/audit-fix-blog.mjs:blnk_60b83e763f3cc1a3a5093566ec8d4422157a1a49c94bf9ad - Evidence in
scripts/process-inline-images.mjs:blnk_60b83e763f3cc1a3a5093566ec8d4422157a1a49c94bf9ad - Evidence in
reference/GEO.md:blnk_68f3c7384ce7f296ff1f3c4d88fcfbf4 - [DATA_EXFILTRATION]: The skill is designed to transmit local article drafts, project metadata, and generated assets to an external server (
blink-mcp-production.up.railway.app). While this is part of the intended CMS workflow, the transmission relies on hardcoded credentials, posing a risk of unauthorized data access or interception. - [PROMPT_INJECTION]: The skill architecture is vulnerable to indirect prompt injection due to its ingestion of untrusted external content.
- Ingestion points: Untrusted data enters the agent context through
web_searchandfetch_urloperations defined inprompts/ORCHESTRATOR.md(Phase 1: Research Workers). - Boundary markers: The orchestrator instructions do not implement delimiters or 'ignore' instructions for the fetched competitor data.
- Capability inventory: The skill has access to shell script execution (
scripts/audit-seo-health.sh), local file system writes, and remote tool execution viacms_write_fileandcms_upload_asset. - Sanitization: There is no evidence of validation or sanitization of content fetched from the web before it is passed to writer subagents.
Recommendations
- AI detected serious security threats
Audit Metadata