rank-monitor
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: A detailed security audit revealed no malicious patterns, hardcoded credentials, or unauthorized command execution. The skill's behavior is consistent with its stated purpose of managing keyword ranking data.
- [PROMPT_INJECTION]: The skill possesses a data ingestion surface for indirect prompt injection because it processes keywords from external files (CSV, JSON, Google Sheets) and API responses from Moz and Google Search Console. Evidence:
  1. Ingestion points: local SEO files and MCP API responses
  2. Boundary markers: Absent
  3. Capability inventory: File management within the local marketing directory and specific SEO API calls
  4. Sanitization: Absent

  However, the risk is negligible as keyword strings are treated as data literals for position tracking rather than being interpolated into executable logic or used to influence agent instructions.