google-search-console
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection through data ingested from the Google Search Console API. Ingestion points: Search analytics (queries, pages), URL inspection results, and sitemap data. Boundary markers: Output is formatted as Markdown tables in SKILL.md. Capability inventory: Requests 'Bash', 'Read', 'Write', and 'Edit' tools in SKILL.md. Sanitization: No sanitization of API data is performed before display in the analyzed config.ts or types.ts logic.
- DATA_EXFILTRATION (SAFE): Credentials are sourced from environment variables, and the config.ts file includes logic to redact these secrets from logs to prevent accidental exposure.
Audit Metadata