screaming-frog-tool
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and interpret external data, which is an attack vector for indirect prompt injection.
- Ingestion points: Technical audit data exported from Screaming Frog as CSV or Excel files (e.g., Internal > All CSV).
- Boundary markers: The instructions do not define boundary markers or provide warnings to the agent to ignore instructions embedded in the audit data.
- Capability inventory: Technical analysis of site health metrics, including metadata, schema, and internal linking structures.
- Sanitization: No validation or sanitization routines are specified for the uploaded data files.
- [NO_CODE]: The skill consists entirely of markdown-based instructions and metadata; it does not include any executable code, shell scripts, or binary files.
Audit Metadata