The Agent Skills Directory

[PROMPT_INJECTION]: The skill identifies a vulnerability surface for indirect prompt injection by ingesting and processing data from external target URLs during the pre-change snapshot and post-deployment verification steps. Content from these URLs is used to validate SEO best practices and verify deployment success, which could allow an attacker controlling the target page to influence agent behavior.
Ingestion points: Pre-change snapshots of meta tags and schema (Step 2) and post-deployment page data reads (Step 6) from target URLs.
Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the ingested content are present in the skill instructions.
Capability inventory: The skill possesses significant capabilities including modifying website content (CMS MCP), submitting URLs to search engines (Google Search Console MCP), and executing local scripts (seo-executor.py).
Sanitization: There is no evidence of sanitization, escaping, or validation of the ingested external content before it is processed by the agents.
[COMMAND_EXECUTION]: The skill instructions specify the execution of a local Python script named 'seo-executor.py' in Step 7 to record change metadata, CMS API responses, and rollback snapshots. This represents the execution of a file within the local environment.

seo-implement