seomachine

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the content scraping features in scripts/content_brief_generator.py and modules/content_length_comparator.py.
      • Ingestion points: The _scrape_page function fetches data from arbitrary external competitor URLs determined at runtime via search results.
      • Boundary markers: The retrieved content, such as H2/H3 headings, is rendered into markdown content briefs for the agent to read without using explicit delimiters or instructions to ignore embedded commands.
      • Capability inventory: The agent can execute local Python scripts, perform network operations, and read environment configurations.
      • Sanitization: Although basic normalization is applied to extracted headings, the skill lacks comprehensive validation to ensure that scraped content does not contain malicious instructions aimed at the agent.
  • [COMMAND_EXECUTION]: The skill includes several executable Python scripts (weekly_seo_report.py, content_brief_generator.py, competitor_gap_finder.py) designed to be run in the agent's terminal. These scripts interact with external APIs (DataForSEO, HubSpot, Google Analytics) and the local file system to store reports and history, necessitating a controlled execution environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 12:12 AM