geo-fundamentals
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): No malicious code, exfiltration patterns, or obfuscation were detected in the skill or the checker script. The functionality aligns with its stated purpose of SEO/GEO auditing.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted web content. While it lacks high-privilege capabilities, it creates a potential injection surface. Evidence Chain: 1. Ingestion: scripts/geo_checker.py reads file content via Path.read_text(). 2. Boundary Markers: None present. 3. Capabilities: Restricted to file system inspection (Read, Glob, Grep); no network or write access. 4. Sanitization: None applied to ingested text.
- [DATA_EXPOSURE] (INFO): The script accesses project-specific web files. It implements safety filters (SKIP_DIRS, SKIP_FILES) to avoid reading sensitive environment variables or configuration files. No access to sensitive user directories (~/.ssh, etc.) is attempted.
Audit Metadata