local-seo-audit
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script 'scripts/local-seo-checker.py' to evaluate business data. It passes user-provided Name, Address, and Phone (NAP) information as command-line arguments.
- [COMMAND_EXECUTION]: The skill reads configuration files and brand profiles from '~/.claude-marketing/' in the user's home directory, which are used to manage marketing context and compliance rules.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it processes external, untrusted data.
  - Ingestion points: Reads data from Google Business Profiles, external website URLs, and third-party review platforms.
  - Boundary markers: The process description includes neither delimiters around the retrieved SEO data nor a directive to disregard instructions embedded in it.
  - Capability inventory: The skill can execute local shell commands and read from the file system.
  - Sanitization: No mechanism is specified for sanitizing or validating data fetched from external URLs before the specialist agent processes it.