indxel-pro
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill relies on the 'indxel' npm package, which is not from a predefined trusted organization. It uses 'npx' to download and execute this tool at runtime.
- [COMMAND_EXECUTION] (LOW): Extensive use of CLI commands via 'npx' to perform site crawls, keyword research, and indexation checks.
- [PROMPT_INJECTION] (LOW): Potential for Indirect Prompt Injection as the skill ingests untrusted data from live websites during crawls. Ingestion points: Crawls live URLs, fetches sitemaps, and parses 'robots.txt' (crawl-patterns.md). Boundary markers: Absent. The agent is not instructed to ignore instructions embedded in the crawled content. Capability inventory: The skill has the ability to execute CLI commands and make network requests. Sanitization: None documented in the skill files.
Audit Metadata