seo-and-aeo-strategy
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with the DataForSEO API to fetch keyword and search result data. Evidence: scripts/dataforseo_api.py uses HTTP POST requests to https://api.dataforseo.com/v3.
- [COMMAND_EXECUTION]: Local Python scripts are executed to automate SEO workflows. Evidence: The scripts directory contains various utilities (e.g., scripts/backlinks.py, scripts/seo_audit.py) that use the standard library urllib.request to communicate with remote servers.
- [PROMPT_INJECTION]: The skill processes content from third-party websites during SEO audits, which could host malicious instructions aimed at the agent. 1. Ingestion points: scripts/seo_audit.py fetches HTML content from user-provided URLs. 2. Boundary markers: No delimiters or ignore instructions are used to wrap the fetched content. 3. Capability inventory: Scripts have network access to fetch web content and API data. 4. Sanitization: The fetched content is parsed using regular expressions for metadata extraction but is not otherwise sanitized.
Audit Metadata