programmatic-seo-planner
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts to perform competitor research and content analysis. These commands are restricted to the local skills directory and are essential to the primary function.
- Evidence: python3 skills/site-content-catalog/scripts/catalog_site.py and python3 skills/reddit-scraper/scripts/scrape_reddit.py used in SKILL.md.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill processes untrusted data retrieved from external competitor websites and social media platforms.
- Ingestion points: Data from competitor URLs and Reddit API outputs (Phase 1A and 1C).
- Boundary markers: Absent in the blueprint instructions.
- Capability inventory: Execution of localized Python scripts.
- Sanitization: No specific filtering or escaping of external content is described.
- [SAFE]: The skill encourages security best practices by instructing the user to store sensitive API credentials for services like DataForSEO or SEMrush in environment variables.
Audit Metadata