seo-specialist
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and process untrusted data from external sources such as website architecture, content inventories, and competitor landscapes.
- Ingestion points: Website content and metadata retrieved via
google-search-console,screaming-frog, and web-reading tools. - Boundary markers: None. No instructions exist to delimit external content or ignore embedded commands.
- Capability inventory: Possesses
Bash,Write, andReadcapabilities, which are highly exploitable. - Sanitization: None detected. The agent interpolates external data directly into its reasoning process.
- Command Execution (HIGH): The inclusion of the
Bashtool provides a mechanism for arbitrary command execution. When combined with the lack of input sanitization for external SEO data, an attacker could embed malicious shell commands in a website's metadata or hidden tags that the agent might execute during an audit.
Recommendations
- AI detected serious security threats
Audit Metadata