google-search-console

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's requirements.txt specifies a dependency (google-searchconsole) hosted on GitHub rather than a standard package registry. It is pinned to a specific commit hash (9ab5a2651c3eb06d862d4b604babd84cbb7b48c0), which provides some integrity protection.
  • [REMOTE_CODE_EXECUTION]: The skill executes external code via the third-party searchconsole library to interact with Google APIs. This is a functional requirement for the skill's operation.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted data from the Google Search Console API (such as user search queries and page titles) and processes it to generate insights. If these external strings contained malicious instructions, they could potentially influence the agent's behavior.
    • Ingestion points: Search analytics rows fetched in gsc_client.py and processed in analyze.py.
    • Boundary markers: None detected; the data is interpolated into analysis summaries without explicit delimiters.
    • Capability inventory: The skill has access to local environment variables, file system paths (via .env loading), and subprocess execution for script runs.
    • Sanitization: No specific sanitization or filtering of the search data is implemented before analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 08:57 AM