solo-seo-audit

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill clones a repository and installs a CLI tool from the author's GitHub repository at github.com/fortunto2/seo-cli.
  • [COMMAND_EXECUTION]: The skill uses the bash tool to install the seo-cli package using uv and to run multiple audit, analytics, and monitoring commands.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and parses untrusted metadata from external websites, which could contain malicious instructions.
      • Ingestion points: Untrusted content is fetched via WebFetch from target URLs, specifically title tags, meta descriptions, JSON-LD scripts, sitemap.xml, and robots.txt (referenced in SKILL.md).
      • Boundary markers: No explicit delimiters or 'ignore' instructions are provided to the agent to distinguish between the fetched data and its operational instructions.
      • Capability inventory: The skill utilizes Bash (command execution), Write (file creation for reports), and WebFetch/WebSearch (network access).
      • Sanitization: No validation or sanitization of the fetched web content is performed before the data is processed or outputted.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 5, 2026, 09:51 AM