Skills
skills/megastep/codex-skills/seo/Gen Agent Trust Hub

seo

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and parses HTML content from external, user-provided URLs.
  • Ingestion points: The scripts fetch_page.py, analyze_visual.py, and parse_html.py are designed to ingest untrusted data from the web.
  • Boundary markers: There are no explicit markers or instructions to isolate the fetched content from the agent's internal logic.
  • Capability inventory: The skill possesses network access via the requests library and browser automation via playwright, along with the ability to write files to the local disk.
  • Sanitization: While the scripts parse the HTML for SEO elements, the content returned to the agent is not specifically sanitized to remove potential prompt injection attacks.
  • [EXTERNAL_DOWNLOADS]: The skill requires several third-party Python libraries for its operations.
  • Python packages: Depends on playwright, requests, beautifulsoup4, and lxml.
  • Browser binaries: playwright requires the installation of the Chromium browser binary.
  • Trusted sources: The documentation refers to well-known and trusted services such as Google's PageSpeed Insights API and Lighthouse.
  • [COMMAND_EXECUTION]: The skill executes localized Python scripts to perform deep site analysis.
  • Security Controls: The scripts implement sophisticated Server-Side Request Forgery (SSRF) protections by validating that hostnames resolve to public IP addresses and blocking access to private or loopback ranges. Additionally, capture_screenshot.py implements path validation to prevent directory traversal attacks.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 01:29 AM