seo-audit
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill crawls up to 500 pages of external websites, which serves as a significant ingestion point for untrusted data. This makes the skill susceptible to indirect prompt injection if a crawled page contains malicious instructions designed to influence the agent.
  - Ingestion points: External URLs and web content analyzed during the crawl process.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the provided skill definition.
  - Capability inventory: Uses local scripts (scripts/fetch_page.py) and performs file system operations to save audit reports.
  - Sanitization: There is no indication that the fetched web content is sanitized or validated before being analyzed by the agent.
- [COMMAND_EXECUTION]: The skill utilizes a local Python script 'scripts/fetch_page.py' to retrieve homepage HTML and crawl internal links. This is standard functionality for an SEO audit tool and is considered a legitimate resource provided by the vendor.
Audit Metadata