seo-meta-tags
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill provides numerous templates across all files that facilitate the interpolation of untrusted external data (such as blog post titles, excerpts, and user-provided placeholders) directly into the agent's output context or generated code.
- Ingestion points: Placeholders like
{{PAGE_TITLE}}inreferences/html.md,post.titleinreferences/nextjs.md, and route parameters inreferences/vite.md. - Boundary markers: Virtually absent; the templates do not use delimiters or instructions to prevent the agent from obeying instructions embedded within these metadata fields.
- Capability inventory: The skill is intended for code and content generation; if an agent uses these templates to process attacker-controlled data, it can be manipulated into generating malicious metadata or scripts.
- Sanitization: While the skill suggests validating JSON-LD, it lacks guidance on escaping HTML attributes or sanitizing string inputs for other meta tags.
- Vulnerable Code Patterns (MEDIUM): The React implementation example in
references/vite.mdexplicitly demonstrates the use ofdangerouslySetInnerHTMLto render content fetched from an external source. - Evidence: The line
<div dangerouslySetInnerHTML={{ __html: post.content }} />provides a pattern for high-risk XSS vulnerabilities if thepost.contentis not rigorously sanitized before being rendered in a browser. - External Downloads (LOW): The
references/vite.mdfile contains instructions for the agent or developer to install several external dependencies. - Evidence:
npm installcommands forvite-plugin-html,react-helmet-async, and@unhead/vue. - Risk: While these are well-known packages, they represent external code dependencies that must be verified for supply chain integrity.
Audit Metadata