pseo-engine

Warn

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  1. Unverifiable Dependencies (MEDIUM): The SKILL.md and scripts/pseo_generator.py explicitly mention npm run build. This implies that the skill relies on external Node.js packages installed via npm. These packages are not included in the audit and cannot be verified for security, posing a risk if they contain malicious code or vulnerabilities. This is categorized as EXTERNAL_DOWNLOADS.
  2. Command Execution (MEDIUM): The instruction npm run build in SKILL.md and scripts/pseo_generator.py indicates that the skill executes shell commands. While npm run build is a standard development command, it represents a capability for arbitrary command execution if the package.json scripts were altered or if the agent were prompted to execute other commands. This is categorized as COMMAND_EXECUTION.
  3. Indirect Prompt Injection (INFO): Several Python scripts (competitor_analyzer.py, keyword_analyzer.py, seo_report.py, technical_seo_audit.py, content_optimizer.py, internal_link_builder.py) are designed to process external web content (via WebFetch and WebSearch) or local files. If these external sources or local files contain malicious instructions or data, they could indirectly influence the agent's behavior or output. This is a general risk for skills that interact with external or user-provided data.
  4. External Network Operations (INFO): The skill uses WebSearch and WebFetch to retrieve data from external websites (e.g., SERP data, competitor URLs, /api/seo-health). While these are standard agent capabilities and necessary for the skill's functionality, they involve interaction with external, untrusted sources. No sensitive local data is explicitly targeted for exfiltration through these operations.
  5. Local File Access (INFO): The skill reads and writes various local files, including .md, .json, .tsx, and .ts files (e.g., data/pseo_data.json, app/templates/[tech]/[role]/page.tsx, app/sitemap.ts). This is expected behavior for a content management and SEO automation tool. No access to sensitive system files (e.g., ~/.ssh, /etc/passwd) is detected.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 13, 2026, 10:41 AM