gsc-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill is designed to ingest and analyze external data from Google Search Console exports. An attacker who can influence the search queries or URLs appearing in these exports (e.g., through SEO spam) could potentially embed instructions aimed at the agent.
- Ingestion points: The skill instructions in
SKILL.mdspecify that users provide GSC data in ZIP or CSV formats. - Boundary markers: No explicit delimiters are defined in the instructions to isolate raw data from analysis prompts, though the workflow includes a step to filter spam queries.
- Capability inventory: The agent parses data and generates complex markdown reports with revenue impact estimates.
- Sanitization: While
references/brand_analysis.mdrecommends filtering spam patterns, there is no explicit instruction to sanitize query strings to prevent the inclusion of instructions or injection attempts. - [NO_CODE] (SAFE): The provided skill consists entirely of markdown documentation and strategic frameworks. It does not contain any executable scripts, binaries, or package dependency files.
Audit Metadata