grey-haven-seo-geo-optimization
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's primary operations involve fetching public web metadata using
curlandBashto analyze meta tags, robots.txt, and sitemaps. These activities are consistent with the stated purpose of SEO auditing and do not involve unauthorized data access or persistence mechanisms.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from external websites during the audit and optimization workflow.\n - Ingestion points: External website content is retrieved via
curlinSKILL.mdand through thefirecrawl-mcptool during the site audit phase.\n - Boundary markers: The workflow lacks explicit delimiters or instructions to separate fetched external content from the agent's internal instructions.\n
- Capability inventory: The skill has access to
Bash,Write, andMultiEdittools, which could be targeted if a fetched website contained malicious instructions designed to influence the agent's behavior.\n - Sanitization: No HTML sanitization or validation of the fetched external content is performed before the data is processed by the agent.
Audit Metadata