seo-implement
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection as it ingests and processes content from external websites to determine SEO modifications.
  - Ingestion points: Reads current meta tags, schema markup, and page content from WordPress or Webflow CMS platforms via MCP connections during the validation phase.
  - Boundary markers: No explicit delimiters or instructions are used to distinguish ingested website content from the agent's internal reasoning or system instructions.
  - Capability inventory: The skill has the ability to modify SEO fields, inject JSON-LD, create redirects via CMS MCP servers, and execute local logging scripts.
  - Sanitization: The process includes validation for SEO technical standards (e.g., character counts and schema validity) but does not implement sanitization for embedded natural language instructions within the source content.
- [COMMAND_EXECUTION]: The skill uses a local script for record-keeping and data management.
  - Evidence: Execution of `seo-executor.py` in Step 7 to log change metadata, CMS API responses, and rollback snapshots for audit trails.
Audit Metadata