hreflang-check
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate technical SEO analysis. While it reads local configuration files (e.g.,
~/.claude-marketing/brands/...), these are scoped to the application's own data directory for brand context. - [DATA_FETCHING]: The skill explicitly states it does not perform direct HTTP requests to external websites ('the plugin does not crawl websites directly'), instead requiring the user to provide the data for analysis. This minimizes risks associated with SSRF or unauthorized network scanning.
- [PRIVILEGE_MINIMIZATION]: The skill uses
allowed-toolslogic (implied by the system context) and restricts its operations to parsing and generating report data based on provided input. - [INDIRECT_PROMPT_INJECTION]: The skill processes external HTML/SEO data provided by the user. While this is an ingestion point for untrusted data, the processing is technical (parsing tags) rather than executing instructions, and the output is a structured report, which is a low-risk pattern.
Audit Metadata