seo-check
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves and analyzes content from external URLs provided by the user or discovered during audits. If the analyzed content contains hidden or explicit instructions aimed at the AI, it could lead to the agent deviating from its SEO task.
- Ingestion points: External website content fetched via the WebFetch tool.
- Boundary markers: No specific delimiters or instructions are provided to the agent to treat external content as untrusted data.
- Capability inventory: Access to high-privilege tools including Bash, WebFetch, Read, Grep, and Glob.
- Sanitization: No evidence of sanitization or filtering of the fetched content before processing.
- [COMMAND_EXECUTION]: The skill requests access to the Bash tool. While the provided documentation only describes SEO-related utility, the availability of a shell environment allows for the execution of arbitrary commands if the agent is misled by malicious input.
- [EXTERNAL_DOWNLOADS]: The skill uses WebFetch to download data from external websites for analysis. It also references a well-known service (Google Search Console) for structured data validation, which is a legitimate and safe external reference.
Audit Metadata