keyword-research
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to override agent safety protocols or bypass constraints. All instructional content is related to the intended SEO use case.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded secrets, API keys, or access to sensitive local file paths (e.g., SSH, AWS credentials) detected. External interactions are limited to standard web search and fetching for research purposes.
- [Indirect Prompt Injection] (SAFE): The skill provides an attack surface by instructing the agent to ingest data from untrusted external sources like Reddit and general web pages via
WebFetchandWebSearch. However, this is necessary for the skill's primary function of keyword research. No malicious interpolation or lack of sanitization logic was found that would escalate this beyond a standard functional risk. (Evidence: 1. Ingestion points: WebFetch/WebSearch/Perplexity calls to external SEO sources; 2. Boundary markers: Absent in prompt templates; 3. Capability inventory: Write, Edit, WebSearch tools; 4. Sanitization: Not explicitly implemented). - [Remote Code Execution] (SAFE): No package installations, remote script downloads, or dynamic execution patterns (eval/exec) are present in the skill.
- [Obfuscation] (SAFE): No encoded content, zero-width characters, or homoglyphs were detected in the skill text or metadata.
Audit Metadata