seo-review
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It reads and processes content from external files provided by the user or found in the file system without explicit sanitization or boundary markers to distinguish between data and instructions.
- Ingestion points: Content is read from files located at docs/seo/<slug>/draft.md, docs/seo/<slug>/outline.md, and docs/seo/<slug>/keyword-data.md (SKILL.md).
- Boundary markers: The instructions lack delimiters or specific warnings to the agent to ignore embedded instructions within the processed content.
- Capability inventory: The skill performs file-read operations and generates text-based reports (SKILL.md).
- Sanitization: There is no evidence of escaping, validation, or filtering of the external file content before it is processed by the model.
Audit Metadata