seo-geo
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to api.dataforseo.com (a well-known SEO data provider) and fetches content from external URLs for auditing.
- [COMMAND_EXECUTION]: Skill instructions involve executing Python scripts and curl commands for auditing web resources.
- [CREDENTIALS_UNSAFE]: Authentication for the DataForSEO API is managed through environment variables (DATAFORSEO_LOGIN and DATAFORSEO_PASSWORD).
- [REMOTE_CODE_EXECUTION]: Documentation includes an example FAQ template containing a curl pipe to bash; this is a placeholder and not executed by the skill.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8). Ingestion points: scripts/seo_audit.py reads HTML from external URLs. Boundary markers: No delimiters are used to separate audited content. Capability inventory: The skill can make network requests and suggests command execution. Sanitization: Extracted metadata is not sanitized.
Audit Metadata