tech-seo-audit
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a Python script located within the skill directory.
  - Evidence: The process description in `SKILL.md` explicitly calls `python "scripts/tech-seo-auditor.py" --url {url}`.
  - Risk: User-supplied input `{url}` is passed directly as a command-line argument. If the underlying Python script does not properly sanitize this input before processing, it could lead to argument injection or command execution vulnerabilities.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process data from external websites, which is an untrusted source.
  - Ingestion points: The `tech-seo-auditor.py` script (Step 3) and subsequent analysis steps (Steps 5-11) fetch and analyze HTML, meta tags, robots.txt, and structured data from the user-provided `{url}`.
  - Boundary markers: There are no visible boundary markers or specific instructions to the agent to ignore embedded instructions within the crawled website content.
  - Capability inventory: The skill possesses the capability to execute local scripts and generate structured reports based on external data.
  - Sanitization: No evidence of sanitization or filtering of the retrieved web content is provided in the skill definition, creating a risk where malicious meta tags or hidden text on the target site could influence the agent's behavior.
- [DATA_EXPOSURE]: The skill accesses sensitive local file paths to retrieve brand profiles and compliance rules.
  - Evidence: Step 1 in the process reads from paths including `~/.claude-marketing/brands/_active-brand.json` and `~/.claude-marketing/brands/{slug}/profile.json`.
  - Risk: While necessary for the stated functionality, this behavior grants the skill access to potentially sensitive marketing data and brand strategies stored in the user's home directory.
Audit Metadata